Reference

The IAM API hub.

Canonical reference catalog of major IAM vendor APIs — Okta, Entra Graph, SailPoint, CyberArk, Auth0, Saviynt, PingOne, BeyondTrust. Base URLs, auth methods, method counts.

Okta Workforce + CICREST95+ methods
Base URL
https://{yourOktaDomain}/api/v1/
Auth
API Token or OAuth 2.0
Docs
Official API docs ↗
Recent
- 2026-05-22Identity Threat Protection — adaptive risk-policy event types added.
- 2026-05-08WebAuthn enrollment now supports attestation conveyance preference per-policy.
- 2026-04-24Provisioning Inbound — SCIM filter support for ne (not-equal) operator GA.
Full release-notes archive →
Microsoft Entra (Graph API)REST200+ methods
Base URL
https://graph.microsoft.com/v1.0/
Auth
OAuth 2.0 (delegated or app-only)
Docs
Official API docs ↗
Recent
- 2026-05-21Conditional Access — token-protection policy GA.
- 2026-05-07External ID — pricing announced post-preview.
- 2026-04-30Entra ID Governance — access reviews recurrence flexibility added.
Full release-notes archive →
SailPoint Identity Security CloudREST140+ methods
Base URL
https://{tenant}.api.identitynow.com/v3/
Auth
OAuth 2.0 client credentials
Docs
Official API docs ↗
Recent
- 2026-05-19Access modeling AI — new exclusion-recommendation endpoints.
- 2026-05-05Workflows — event-based triggers for certification campaigns.
- 2026-04-21Connectors — Workday HCM connector v2 GA.
Full release-notes archive →
CyberArk Identity + Privilege CloudREST110+ methods
Base URL
https://{tenant}.id.cyberark.cloud/api/
Auth
OAuth 2.0 client credentials
Docs
Official API docs ↗
Recent
- 2026-05-24Identity Security Insights — new threat-event API endpoint.
- 2026-05-10Secure Web Sessions — policy API expanded with device-posture conditions.
- 2026-04-26Conjur — new ephemeral-secret rotation interval policy.
Full release-notes archive →
Auth0 / Okta CICREST80+ methods
Base URL
https://{tenant}.auth0.com/api/v2/
Auth
OAuth 2.0 management tokens
Docs
Official API docs ↗
Recent
- 2026-05-23Forms — new condition operator for ELS rules.
- 2026-05-09Custom Domains — per-tenant cert auto-rotate window narrowed.
- 2026-04-25Actions runtime — Node 22 LTS GA.
Full release-notes archive →
Saviynt Enterprise Identity CloudREST90+ methods
Base URL
https://{tenant}.saviyntcloud.com/ECM/api/
Auth
JWT bearer
Docs
Official API docs ↗
Recent
- 2026-05-20New /api/v5/userimports for high-throughput delta ingestion.
- 2026-05-06Risk-based access certification — recommender API GA.
- 2026-04-22Connector framework — generic REST connector now supports OAuth 2.0 PKCE.
Full release-notes archive →
PingOne (Workforce + DaVinci)REST130+ methods
Base URL
https://api.pingone.com/v1/
Auth
OAuth 2.0
Docs
Official API docs ↗
Recent
- 2026-05-18DaVinci — new pre-built node for AAL3 step-up.
- 2026-05-04PingOne Verify — biometric template expiration policy GA.
- 2026-04-20PingOne Authorize — Cedar policy support GA.
Full release-notes archive →
BeyondTrust (Password Safe + Privileged Remote Access)REST70+ methods
Base URL
https://{appliance}/BeyondTrust/api/public/v3/
Auth
API Key + IP allowlist
Docs
Official API docs ↗
Recent
- 2026-05-17Smart Rules — new condition family for cloud-asset tags.
- 2026-05-03Privileged Remote Access — Jumpoint API for cloud workloads.
- 2026-04-19Endpoint Privilege Management — policy export API.
Full release-notes archive →

Engineering

Building on these APIs?

We ship custom IAM integrations across all 8 of these surfaces. Our engineers carry the vendor certs that make audit-defensibility cheap.

Custom IAM developmentRequest services