Identity System API

Identity System API

The NYU Identity System API provides secure, programmatic access to authoritative identity data across the University. It serves as a central point for retrieving and managing information related to individuals within the NYU community, including students, faculty, staff, and alumni.

Key Features:

• Comprehensive Data Access: Retrieve identity attributes such as NetID, University ID, employee ID, affiliation details, and email aliases. Data is sourced from systems like Workday (HR), SIS (Student Information System), Advance (Alumni), and the Sailpoint.
• Standardized API Endpoints: The API follows RESTful conventions, offering endpoints that return data in JSON format. This standardization ensures consistency and ease of integration for developers.
• Secure Access: Access to the NYU Identity System is governed by strict data stewardship policies. To ensure compliance with institutional standards, developers must undergo an approval process, including an Architecture Review Board (ARB) evaluation and final approval from data stewards. This process is designed to maintain the integrity and security of identity data across the University.
• OAuth 2.0 Authentication: The API employs OAuth 2.0 for secure authentication. Developers must register their applications in the NYU API Portal, obtain a client ID and secret, and use these credentials to request access tokens. This process ensures that only authorized applications can access the API.

Data Refresh Frequency: API data is refreshed daily at 8:00 a.m. Eastern Time (UTC-05:00)

Requesting API Access

Access to this API is strictly governed by the respective data stewards; all access requests require their approval. Please note that there are multiple steps to gain access to this API, and they need to be followed in order.

1. If you don’t already have one, request a Service Account/Special Purpose ID from Identity Data Services.

   • Request a Service Account/Special Purpose ID
   • Be sure to review: Policy on Accounts (NetIDs, Special-purpose NetIDs, Privileged Access Accounts) and Access (MFA, Passwords)

2. Submit an API access request via https://dataaccess.it.nyu.edu (VPN is required off-campus).

   • Note: As part of this access request, you need to identify the Service Account/Special Purpose ID that will be used to access the API. If you don’t already have one, please go back to Step 1.
   • Click on “API Access Form” and fill out the form to the best of your knowledge.
   • See also: NYU APIs Governance Workflow (API Access Request) (VPN is required off-campus).

3. Complete the review process.

   • Architecture Review Board (ARB) Review: After receiving your request, you’ll be contacted to schedule an ARB Review meeting. During this review, the ARB will evaluate your technical implementation to ensure it meets technology requirements and security standards. This step includes preparing a set of supporting documents that will be used for final Data Steward Approval. Expect this process to take approximately two to three weeks.
   • Data Steward Approval: Upon completion of the ARB Review, your request will be forwarded to the Data Stewards for final approval.

4. Log in with the Service Account.

   • Upon completion and approval of your API access request, log out of this API portal and log back in using the Service Account/Special Purpose ID specified in the API access form.
   • Click the "Request Access" button in the top right corner of this page.
   • Create a new application and name it to reflect your client application in a way that is identifiable to the API team (please avoid using spaces or special characters).
   • Once the application is created and the access request is submitted, you will receive a client_id and client_secret.
   • See also: Connecting to APIs.

5. Obtain an OAuth 2.0 Access Token:

   • Follow the instructions to obtain an OAuth 2.0 access token.
   • API Token Generation (VPN is required off-campus).

Estimated API Access Approval Time: requests typically take 3–6 weeks to complete. Some requests may take longer based on specific requirements or external factors.

Identity System API Content Overview

The NYU Identity System API is the authoritative source for identity correlation data at NYU, aggregating information from various systems such as Workday (HR), SIS (Student Information System), Advance (Alumni), and the Registry. This system provides a unified view of an individual's identity across these platforms, ensuring consistent and accurate representation within the NYU ecosystem.

The aggregation and correlation of identity data within the NYU Identity System are driven by the SailPoint IdentityIQ platform. SailPoint facilitates the identification and linking of user accounts across different systems, enabling a comprehensive and cohesive identity profile for each individual.

Please note that the data within the NYU Identity System is refreshed on a daily basis. Consequently, there may be a delay between changes in source systems and their reflection in the Identity System. The system is read-only; no direct updates are permitted outside of its internal aggregation processes.

NOTE: Shanghai data is not available in this version.

• dept_code = Workday Supervisory Org for employee
• dept_code = SIS Academic Org for student
• dept_code = School code (for eg. PY code is Tandon School of Engineering) for alumni

API Support

• For more information on APIs, tools, testing, and other resources, please refer to the NYU Developer Portal (VPN is required off-campus).
• For troubleshooting assistance with using the API, please email the API Services Team.