Entity Query API

DRAFT — Internal Developer Use Only

This API reference is for internal development teams.

Overview

What it is: The entity query API enables programmatic search and retrieval of identity data collected by Discovery. It supports server-side row model (SSRM) queries with filtering, sorting, grouping, and pagination.

Why it matters: Cross-product integrations rely on entity queries to retrieve accounts, owners, groups, and other identity objects. Hydden Control uses these endpoints to synchronize identity data for access reviews.

Endpoints

Method	Path	Description	Auth required
POST	/internal/v1/entity/query	Query the entity data store	JWT + API token
POST	/internal/v1/entity/query/columns	Get column definitions for a query	JWT + API token

---

POST /internal/v1/entity/query

Execute a server-side query against the entity data store. Supports pagination, filtering, sorting, and row grouping.

Request:

POST /internal/v1/entity/query
Authorization: Bearer <token>
Content-Type: application/json

{
  "ViewTime": "2026-02-12T00:00:00Z",
  "offset": 0,
  "limit": 100,
  "filterModel": {
    "Status": {
      "filterType": "text",
      "type": "equals",
      "filter": "active"
    }
  },
  "sortModel": [
    {
      "colId": "Account Name",
      "sort": "asc"
    }
  ],
  "rowGroupCols": [],
  "groupKeys": []
}

Request fields:

Field	Type	Required	Description
ViewTime	string (ISO 8601)	No	Point-in-time snapshot. Defaults to current time.
offset	integer	Yes	Number of rows to skip
limit	integer	Yes	Maximum rows to return (max 10000)
filterModel	object	No	Column filter conditions
sortModel	array	No	Sort order definitions
rowGroupCols	array	No	Columns to group by
groupKeys	array	No	Group key values for drill-down

Response (200):

{
  "columns": [
    { "field": "Id", "headerName": "ID" },
    { "field": "Account Name", "headerName": "Account Name" },
    { "field": "Email", "headerName": "Email" },
    { "field": "Status", "headerName": "Status" },
    { "field": "Data Source Id", "headerName": "Data Source" }
  ],
  "rows": [
    {
      "Id": "acc-uuid-001",
      "Account Name": "jdoe",
      "Email": "jdoe@example.com",
      "Status": "active",
      "Data Source Id": "ds-uuid-001"
    }
  ],
  "totalCount": 1542,
  "viewTime": "2026-02-12T00:00:00Z"
}

Control Integration

Control calls entity query endpoints using pre-configured search IDs to retrieve specific data sets:

Control operation	Discovery endpoint	Search ID
List accounts	POST /api/v1/global/ssrmquery/{id}	ASpnJ4bLpFRGBZxEwAEPullOFx5
List account owners	POST /api/v1/global/ssrmquery/{id}	UVYaMSAx8evNujhC75QELLRej2T
Bulk owner accounts	POST /api/v1/global/ssrmquery/{id}	DUrG0M5i1MYn0H99KwSpezBqLtt
Bulk group memberships	POST /api/v1/global/ssrmquery/{id}	W8fSFbTri7TqbXWgdZVpBjLZMNn
List groups	POST /api/v1/global/search/{id}	5giWu96fvwE0N3LVgm60eKfI6X6
Get group members	GET /api/v1/global/search/{id}	8XYzi8x3XmVmA47OehS6q1K8Jia

Control field mapping: Control maps Discovery response fields to its internal Account model:

Discovery field	Control field	Notes
Id	AccountID	Unique identifier
Account Name	AccountName	Display name
Account Type	AccountType	Account classification
Email	Email	Primary email
UPN	UPN	User principal name
Data Source Id	ApplicationID	Maps account to application
Status	Status	Active/inactive state

---

POST /internal/v1/entity/query/columns

Get column definitions for a query type. Use this to discover available fields before building a query.

Request:

POST /internal/v1/entity/query/columns
Authorization: Bearer <token>
Content-Type: application/json

{
  "queryType": "accounts"
}

Response (200):

{
  "columns": [
    { "field": "Id", "headerName": "ID", "type": "string" },
    { "field": "Account Name", "headerName": "Account Name", "type": "string" },
    { "field": "Email", "headerName": "Email", "type": "string" },
    { "field": "Status", "headerName": "Status", "type": "string" },
    { "field": "TotalThreat", "headerName": "Total Threat", "type": "number" }
  ]
}