API Documentation
Directory Changes API Documentation
Last updated
Directory Changes API Documentation
Last updated
The Directory Changes API allows developers to retrieve changes (delta changes) for different types of resources in a directory service. This API is useful for keeping track of user, group, and membership changes in a system, especially in scenarios where on-premises synchronization is involved.
The base endpoint for this API is:
All API requests require authentication using an API key that should be included in the request headers.
Retrieves changes (created, updated, deleted) for specified resource types since a given timestamp.
Query Parameters
onPremisesSyncEnabled
boolean
Yes
Filter for resources that have on-premises sync enabled or disabled
lastSyncDate
string
No
ISO timestamp to retrieve changes that occurred after this date
resourceType
string (enum)
Yes
Type of resource to get changes for. Possible values: user, group, membership
Request Headers
x-api-key
string
Yes
API key for authentication
Response
Status Code: 200 (Success)
Status Code: 400 (Bad Request)
Returned when the request is invalid or missing required parameters.
The API deals with three main resource types:
Represents user entities in the system.
id
string (UUID)
Unique identifier for the user
displayName
string
The display name of the user
department
string
Department the user belongs to
jobTitle
string
User's job title
businessPhones
string[]
List of business phone numbers
surname
string
Last name of the user
givenName
string
First name of the user
accountEnabled
boolean
Whether the user account is enabled
userPrincipalName
string
Principal name used for authentication
onPremisesDomainName
string
Domain name for on-premises AD (if applicable)
onPremisesSamAccountName
string
SAM account name for on-premises AD
onPremisesSecurityIdentifier
string
Security identifier for on-premises AD
onPremisesLastSyncDateTime
string
Timestamp of last sync with on-premises AD
onPremisesUserPrincipalName
string
UPN for on-premises AD
Represents group entities in the system.
id
string (UUID)
Unique identifier for the group
displayName
string
The display name of the group
created
string
Timestamp when the group was created
description
string
Description of the group
mailNickname
string
Mail nickname for the group (if applicable)
mailEnabled
boolean
Whether mail is enabled for this group
onPremisesSyncEnabled
boolean
Whether this group syncs with on-premises AD
onPremisesSamAccountName
string
SAM account name for on-premises AD
onPremisesNetBiosName
string
NetBIOS name for on-premises AD
onPremisesDomainName
string
Domain name for on-premises AD
onPremisesSecurityIdentifier
string
Security identifier for on-premises AD
onPremisesLastSyncDateTime
string
Timestamp of last sync with on-premises AD
Represents membership relationships between users and groups.
userId
string (UUID)
ID of the user in the membership
groupId
string (UUID)
ID of the group in the membership
The API tracks three types of changes:
created
A new resource was created
updated
An existing resource was modified
deleted
A resource was removed
The API returns standard HTTP status codes to indicate the success or failure of a request:
200
OK - The request was successful
400
Bad Request - The request was invalid or cannot be served
401
Unauthorized - API key is missing or invalid
Efficient Syncing: Use the lastSyncDate parameter to only retrieve changes since your last synchronization.
Rate Limiting: Implement appropriate rate limiting in your client applications to prevent API throttling and ensure consistent service availability.
Error Handling: Implement robust error handling to manage API failures gracefully.
Authentication: Please keep your API key secure and store it in any key-value solutions such as vault.
