Creating an API Client

ProfileSync requires a dedicated API client to retrieve user profile data from the Identity Cloud. This API client (also referred to as a property) must use the direct_access feature. Do not configure your new client to use login_client (the default feature set).

For additional security, you can also use the entityType APIs to set an "access schema" on the underlying user profile database. An access schema defines the set of attributes that an API client can access, and also specifies the type of access (read or read/write) that the client has. For example, this Curl command grants the API client with the client ID zng82v8x6q2vchfe3z2dv8xrtxcrjdhf read access to the givenName, familyName, and email attributes:

curl -X POST \

'[%22givenName%22,%22familyName%22,%22email%22]&access_type=read' \

See the setAccessSchema endpoint documentation for more information.

To create a new API client (property), complete the following procedure:

  1. In the Console, click Manage Properties:
  2. On the Manage Properties page, click Create Property:
  3. On the Create Property page, enter the name of the new API client in the Name field:

    Although you can give the new API client any name you wish, we recommend that you select a name that indicates that the client will be used with the ProfileSync service.
  4. In the Features list, clear the login_client checkbox and then select direct_access:
  5. Click the Create Property icon to save the new API client: