Appearance
Integration Flows
These guides walk a Defentry integration partner through wiring their own systems into the Defentry Identity Protection platform end to end: standing up a service account, creating and administering customer accounts, enrolling monitored items, giving end users self-service access, and running the Delete My Data service on their behalf.
Every endpoint referenced in these guides exists in the API Explorer (the integration OpenAPI spec), and each flow mirrors a sequence we exercise against the live API in our own test harness.
The two authentication scopes
Almost everything you do uses one of two bearer tokens. Knowing which scope a call needs is the single most important concept in the API.
| Token | Obtained via | Acts as | Use it for |
|---|---|---|---|
| CRM token | POST /api/v1/crm/auth/login | Your service account (partner admin) | Create/administer accounts by id, manage watchlists on behalf of users, read alarms |
| App token | POST /api/v1/sso/token | A single end user | End-user self-service: own profile, own watchlists, Online Data |
Recommended journey
- Onboarding & service account — first CRM user, create your service account, log in, 2FA.
- Account management — create and administer customer accounts (CRM token).
- Watchlist enrolment — add monitored items, with the CRM-token vs app-token split made explicit.
- End-user access (SSO) — mint an app token for a user without a login UI.
- Online Data — scan, sign, and submit broker removals (app token).
- Alarms — surface and resolve identity alarms.
Response format
Pick legacy or standardized responses per request with the X-API-Version header. Before you go live, read Legacy → Standardized migration and the Response & Error Conventions — the API Explorer's version selector renders both shapes side by side.