Skip to main content



Every child of crud_objects must contain an operations object. In turn, this object contains custom objects that you define, each of which specifies a CRUD call related to the relevant system object type.

The name of each custom object inside operations should be a simple word or words separated by an underscore (_) or dash (-) that names the CRUD call. For example: users_get, user_create, user_delete, user_modify_mail, etc. Each custom object can take a variety of properties, which are listed below.

Operation names show up in the NIM Studio as names of Functions in Mappings:


For most external systems, you will want to specify the full range of CRUD operations for each object (get, create, update, delete), but this is not strictly required.


get operations are specified somewhat differently than post/put/patch/delete operations, and support the following properties. A REST system's get calls are used during Collection.


You should always specify get operations for all relevant system object types, regardless of whether the system is a target or only a source (see Sources and targets).


The REST method. For get calls, must be get. There should be only a single get operation for each type of object in the external system (i.e., for each child object of crud_objects).


Optional. The call object of get specifies details of the HTTP call.

Two call modes are supported:


Use the normal mode to make a single sequence of paged calls to the external system. This is the most common scenario.

"call": {
	"mode": "normal",
	"path": "/groups/{id}/aliases"

The path property is optional. If specified, it is appended to the baseUrl to build the full URL for the call. If it is not specified, the name of the parent object under crud_objects) is used instead. The path property can contain variables.


Use the iteration mode when the relevant data table must be populated with a separate REST call per row of a different table (table).

The most common use case is group membership collection. In NIM, all members of all groups are stored in a single table, but most REST systems only support collection of members for one group at a time. Thus, one call must be made per group. The iteration mode is the solution.

"members": {
	"operations": {
		"members_get": {
			"method": "get",
			"call": {
				"mode": "iteration",
				"table": "groups",
				"iterator": "id",
				"path": "/groups/{iterator}/members",
				"base": {
					"group_id": "{iterator}"
			"maxSessionCount": 20

When using the iteration mode, configure the properties of call as follows:


Set to iteration.


The table for which a call will be made per row. Set this to the name of another child object of crud_objects. For this example (the members table), it is the groups table.


The resource (column) of the table which will be used to uniquely identify the calls and results. Typically, this is the name of the table's key resource. For this example, it is the id resource of the groups table.


The path for the get request. Must include the {iterator} variable somewhere in the path, per the specific requirements of the external system.


Each child property specified in base becomes a column in the result table (the table into which the iterated call results are written). For this example, we're adding a group_id column whose value is equal to {iterator}. This is necessary to identify the group in the results. The base object should always contain the {iterator} variable.


Optional. Overrides the default maxPageCount setting in the rest object. Only used by Azure AD and Google systems. All generic systems (see call_handling) instead use pagination.


The maximum number of concurrent get requests when using mode=iteration. When the maximum is reached, NIM will wait for all calls to return before the next set of calls is executed.


Optional. This object specifies how to interpret the result data.

The output_field property specifies where to find the result data. In the example shown, the result objects can be found in the section child property of the sections object.

The stringArrayColumnName is used if the response is an array of strings instead of an array of objects. The value should be the name of a string type specifier in the resources object of the current crud_object. The result data will be stored in that column.

"processing_options": {
	"output_field": "sections.section"
	"stringArrayColumnName": "id"

If the result data is directly inside the result object, a value of null must be specified:

"processing_options": {
	"output_field": "null"
	"stringArrayColumnName": "id"

Optional. Specifies additional query_parameters for the get request.


Optional. Only used in cases where the target system expects an HTTP verb other than get for get calls. For example, some external systems expect post instead.


The post/put/patch/delete operations are used to write into external systems used in target contexts. You should not specify any post/put/patch/delete operations for external systems that will only be used in source contexts (see Sources and targets).

These operations are very similar, with a few exceptions. Each operation is specified by a single JSON object that contains the following properties:


The method is determined by the requirements of the REST target system and the call you're specifying. It is either post, put, patch, or delete.


Calls of type post, put and patch can optionally have a body. If no body property is specified explicitly, it will be composed of the specified resources. If a body property is specified, it acts as a template. It can contain variables that refer to resources.

Example JSON:

"member_add": {
	"method": "post",

The optional call specification is similar to the mode=normal configuration of get calls. Only the mode=normal configuration is supported for post/put/patch/delete calls.

Example JSON:

"user_create": {
	"method": "post",
	"call": {
		"mode": "normal",
		"path": "/users",

The semantics with which to process the call results. Possible values include:

  • create

  • delete

  • update

  • set

  • memberships-update


Specifies the allowance setting for resources that are not explicitly listed in resource_mandatory or resource_prohibited. Possible values include:

  • optional

  • prohibited

  • mandatory

Example JSON:

"resource_allowance_default": "optional",

A list of resources that cannot be specified for this operation.

Example JSON:

"resource_prohibited": [

A list of resources that must be specified for this operation.

Example JSON:

"resource_mandatory": [

Error codes that should only generate a warning.

For example, if a 409 is returned when removing a non-existent member from a group:

"warning_only": [