Find Reviews
Find access reviews in the system. The command uses the PV_REVIEW public view to find data. Any filters passed should apply to this public view.
GET https://instance.securid.com/aveksa/command.submit?cmd=findReviews
Request
Parameters
| findReviews | |
| format | properties - (Default) Returns the response as key=value pairs. When multiple objects are returned, values are comma-delimited: key=value1,value2,value3.json - Returns the response as JSON.csv - Returns the response as comma-separated values.tsv - Returns the response as tab-separated values.xml - Returns the response as XML. |
| delimiter | The delimiter to use between values for csv and properties formats |
| returnColumns | The names of the columns to return. |
| returnMaxRows | The maximum number of objects to return |
| distinct | true, false Returns only distinct values, equivalent to the distinct keyword in SQL. |
| sortByColumns | The results will be sorted based on the columns listed using comma as the delimiter if multiple columns are specified. Refer to Columns table below. |
| sortDirection | Determines sorting order. asc for ascending, desc for descending. If not specified, the natural order returned by the database is used. |
| includeHeaderRow | true, false Include column headers when the return format is csv or tsv. (Default) true |
| ignoreCase | true, false Returns case-insensitive search results for specified filter parameters. (Default) false |
Filter Parameters
Any column listed in the Columns table can be passed as a filter parameter to narrow results. Filters are matched against the PV_REVIEW public view.
Query logic
| Scenario | Behavior |
|---|---|
Two different parameters: review_type=User&state=InProcess | AND. Returns User reviews that are currently in process. |
Same parameter repeated: review_type=User&review_type=GlobalRole | OR within that field. Returns User or GlobalRole reviews. |
Mixed: state=InProcess&review_type=User&review_type=GlobalRole | (state is InProcess) AND (type is User or GlobalRole) |
A single API call cannot return reviews where review_type=User OR state=InActionable. OR logic between different filter parameters is not supported.
Workaround: Make separate requests for each filter condition. Merge and deduplicate the results client-side.
Columns
| id | [Primary Key] Unique review instance identifier |
| name | Review instance name |
| review_type | Type of review. Common values: User (user access review), GlobalRole (role review) |
| category | Review category (e.g., Access Review) |
| state | Current state of the review. Common values: InProcess (active), InActionable (awaiting action) |
| is_active | True, False Whether the review is currently active |
| review_definition_id | [Foreign Key referencing REVIEW_DEFINITION.ID] Definition this review instance was created from |
| owner_id | [Foreign Key referencing USERS.ID] User ID of the review owner |
| created_by | [Foreign Key referencing USERS.ID] User ID of who created the review |
| creation_date | Date and time the review was created |
| changed_date | Date and time the review was last modified |
| end_date | Date and time the review is scheduled to end |
| comments | Comments attached to the review |
| source_id | Source identifier if the review was triggered externally |
| source_type | How the review was triggered. UserDefinedDefinition = manually created from a review definition |
Headers
Bearer token | |
| Accept | application/json |
| Content-Type | application/json |
Response
Parameters
The API returns the requested columns specified by returnColumns as output. If returnColumns is unspecified then all columns listed will be returned.
Examples
All columns
Omit returnColumns to return every field for each review.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findReviews&format=json&returnMaxRows=2" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findReviews",
"format": "json",
"returnMaxRows": "2"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findReviews",
format: "json",
returnMaxRows: "2"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
{
"findReviews": [
{
"id": "1",
"name": "UAR-1",
"comments": "",
"review_type": "User",
"category": "Access Review",
"state": "InProcess",
"is_active": "True",
"review_definition_id": "4",
"owner_id": "0",
"creation_date": "2024-08-05 02:10:01.0",
"created_by": "0",
"changed_date": "2024-08-05 02:10:01.0",
"end_date": "2025-03-03 18:58:00.0",
"source_id": "",
"source_type": "UserDefinedDefinition"
},
{
"id": "43",
"name": "Role Review-3",
"comments": "",
"review_type": "GlobalRole",
"category": "",
"state": "InProcess",
"is_active": "True",
"review_definition_id": "45",
"owner_id": "0",
"creation_date": "2025-03-29 18:13:00.0",
"created_by": "0",
"changed_date": "2025-03-29 18:13:00.0",
"end_date": "2025-04-19 18:13:00.0",
"source_id": "",
"source_type": "UserDefinedDefinition"
}
]
}
Specific columns
Use returnColumns to limit the response to the fields you need.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findReviews&format=json&returnMaxRows=3&returnColumns=id,name,review_type,state,is_active,creation_date" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findReviews",
"format": "json",
"returnMaxRows": "3",
"returnColumns": "id,name,review_type,state,is_active,creation_date"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findReviews",
format: "json",
returnMaxRows: "3",
returnColumns: "id,name,review_type,state,is_active,creation_date"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
- 412 Invalid column
{
"findReviews": [
{
"id": "1",
"name": "UAR-1",
"review_type": "User",
"state": "InProcess",
"is_active": "True",
"creation_date": "2024-08-05 02:10:01.0"
},
{
"id": "43",
"name": "Role Review-3",
"review_type": "GlobalRole",
"state": "InProcess",
"is_active": "True",
"creation_date": "2025-03-29 18:13:00.0"
},
{
"id": "82",
"name": "UAR-2",
"review_type": "User",
"state": "InProcess",
"is_active": "True",
"creation_date": "2025-07-22 14:22:59.0"
}
]
}
<html>
<head><title>Error</title></head>
<body>The parameter returncolumns contains an invalid column - `invalid_col`.
Query String=cmd=findReviews&format=json&returnMaxRows=2&returnColumns=id,invalid_col</body>
</html>
Filter by a single value
Pass any column name as a query parameter to filter results. The example returns reviews where review_type is User.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findReviews&format=json&returnMaxRows=3&returnColumns=id,name,review_type,state&review_type=User" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findReviews",
"format": "json",
"returnMaxRows": "3",
"returnColumns": "id,name,review_type,state",
"review_type": "User"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findReviews",
format: "json",
returnMaxRows: "3",
returnColumns: "id,name,review_type,state",
review_type: "User"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
{
"findReviews": [
{
"id": "1",
"name": "UAR-1",
"review_type": "User",
"state": "InProcess"
},
{
"id": "82",
"name": "UAR-2",
"review_type": "User",
"state": "InProcess"
},
{
"id": "101",
"name": "UAR-3",
"review_type": "User",
"state": "InActionable"
}
]
}
Filter with OR logic
Repeat the same parameter with different values to match any of them. The example returns reviews where review_type is User or GlobalRole.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findReviews&format=json&returnMaxRows=3&returnColumns=id,name,review_type,state&review_type=User&review_type=GlobalRole" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = [
("cmd", "findReviews"),
("format", "json"),
("returnMaxRows", "3"),
("returnColumns", "id,name,review_type,state"),
("review_type", "User"),
("review_type", "GlobalRole")
]
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
const params = new URLSearchParams();
params.append('cmd', 'findReviews');
params.append('format', 'json');
params.append('returnMaxRows', '3');
params.append('returnColumns', 'id,name,review_type,state');
params.append('review_type', 'User');
params.append('review_type', 'GlobalRole');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params,
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
{
"findReviews": [
{
"id": "1",
"name": "UAR-1",
"review_type": "User",
"state": "InProcess"
},
{
"id": "43",
"name": "Role Review-3",
"review_type": "GlobalRole",
"state": "InProcess"
},
{
"id": "82",
"name": "UAR-2",
"review_type": "User",
"state": "InProcess"
}
]
}
Case-insensitive filter
Filters are case-sensitive by default. Set ignoreCase=true to match regardless of case. The example passes state=inprocess in lowercase and still returns reviews with the stored value InProcess.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findReviews&format=json&returnMaxRows=3&returnColumns=id,name,review_type,state&state=inprocess&ignoreCase=true" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findReviews",
"format": "json",
"returnMaxRows": "3",
"returnColumns": "id,name,review_type,state",
"state": "inprocess",
"ignoreCase": "true"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findReviews",
format: "json",
returnMaxRows: "3",
returnColumns: "id,name,review_type,state",
state: "inprocess",
ignoreCase: "true"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
{
"findReviews": [
{
"id": "1",
"name": "UAR-1",
"review_type": "User",
"state": "InProcess"
},
{
"id": "43",
"name": "Role Review-3",
"review_type": "GlobalRole",
"state": "InProcess"
},
{
"id": "82",
"name": "UAR-2",
"review_type": "User",
"state": "InProcess"
}
]
}
Sort ascending
Use sortByColumns with a column name and sortDirection=asc to sort results from lowest to highest. The example sorts by id.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findReviews&format=json&returnMaxRows=3&returnColumns=id,name,review_type,state&sortByColumns=id&sortDirection=asc" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findReviews",
"format": "json",
"returnMaxRows": "3",
"returnColumns": "id,name,review_type,state",
"sortByColumns": "id",
"sortDirection": "asc"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findReviews",
format: "json",
returnMaxRows: "3",
returnColumns: "id,name,review_type,state",
sortByColumns: "id",
sortDirection: "asc"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
{
"findReviews": [
{
"id": "1",
"name": "UAR-1",
"review_type": "User",
"state": "InProcess"
},
{
"id": "43",
"name": "Role Review-3",
"review_type": "GlobalRole",
"state": "InProcess"
},
{
"id": "61",
"name": "Role Review-4",
"review_type": "GlobalRole",
"state": "InProcess"
}
]
}
Sort descending
Set sortDirection=desc to reverse the order.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findReviews&format=json&returnMaxRows=3&returnColumns=id,name,review_type,state&sortByColumns=id&sortDirection=desc" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findReviews",
"format": "json",
"returnMaxRows": "3",
"returnColumns": "id,name,review_type,state",
"sortByColumns": "id",
"sortDirection": "desc"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findReviews",
format: "json",
returnMaxRows: "3",
returnColumns: "id,name,review_type,state",
sortByColumns: "id",
sortDirection: "desc"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
{
"findReviews": [
{
"id": "102",
"name": "UAR-4",
"review_type": "User",
"state": "InActionable"
},
{
"id": "101",
"name": "UAR-3",
"review_type": "User",
"state": "InActionable"
},
{
"id": "82",
"name": "UAR-2",
"review_type": "User",
"state": "InProcess"
}
]
}
CSV with custom delimiter
Set format=csv for a comma-separated response. Use delimiter to change the separator character.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findReviews&format=csv&returnMaxRows=3&returnColumns=id,name,review_type,state&delimiter=~" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findReviews",
"format": "csv",
"returnMaxRows": "3",
"returnColumns": "id,name,review_type,state",
"delimiter": "~"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.text)
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findReviews",
format: "csv",
returnMaxRows: "3",
returnColumns: "id,name,review_type,state",
delimiter: "~"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
id~name~review_type~state
1~UAR-1~User~InProcess
43~Role Review-3~GlobalRole~InProcess
82~UAR-2~User~InProcess
CSV without header row
Set includeHeaderRow=false when your downstream system expects raw data rows without a header.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findReviews&format=csv&returnMaxRows=3&returnColumns=id,name,review_type,state&includeHeaderRow=false" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findReviews",
"format": "csv",
"returnMaxRows": "3",
"returnColumns": "id,name,review_type,state",
"includeHeaderRow": "false"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.text)
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findReviews",
format: "csv",
returnMaxRows: "3",
returnColumns: "id,name,review_type,state",
includeHeaderRow: "false"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
1,UAR-1,User,InProcess
43,Role Review-3,GlobalRole,InProcess
82,UAR-2,User,InProcess
Error responses
A 401 is returned when the token is missing, invalid, or expired. A 412 is returned when returnColumns includes a column name that does not exist in the PV_REVIEW public view.
- 401 Invalid token
- 412 Invalid column
<html>
<head><title>Error</title></head>
<body>The token is not valid for the command 'findReviews'. Token is invalid or expired</body>
</html>
<html>
<head><title>Error</title></head>
<body>The parameter returncolumns contains an invalid column - `invalid_col`.
Query String=cmd=findReviews&format=json&returnMaxRows=2&returnColumns=id,invalid_col</body>
</html>
Verified with RSA Governance & Lifecycle version 8.0.0.188886 P10_HF01.