@adarobin
Last active September 10, 2021 13:49
PAS OpenAPI with openapi-generate
117d116
<
120,121d118
< schema:
< type: string
248,249d244
< schema:
< type: string
391,392d385
< schema:
< type: string
452,453d444
< schema:
< type: string
468,469d458
< schema:
< type: string
484,486c473
< application/octet-stream:
< schema:
< type: string
---
> application/octet-stream: {}
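Review bot: the `type: string` schema on the `<` side of `application/octet-stream` carries no `format`, so OpenAPI 3.0 tooling will model the body as text rather than bytes. If the payload really is binary, add `format: binary`; if the operation sends no body at all, removing the `requestBody` is cleaner than giving an empty media type a schema. The same applies to every other `application/octet-stream` hunk in this diff.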
875,876d861
< schema:
< type: string
2031,2032d2015
< schema:
< type: string
2035c2018
< value: "trimmed"
---
> value: "PK\u0003\u0004\u0014\u0000\u0000\u0000\b\u0000C�kMZ�\u0017Gf\u0002\u0000\u0000�\n\u0000\u0000\u0014\u0000$\u0000Policy-WinDomain.xml\n\u0000 \u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0018\u0000����\u0002z�\u0001����\u0002z�\u0001����\u0002z�\u0001�V�n�@\u0010�#�\u000e���\u0006q��I\u0015\u0012�\"5�e��ykO�U�\u001d��N�g��#�\n���8��\u0007�\u0010��d�|3�ͯ���\u001f��%K�\u0015(-Pv�\u000f�{�\u0001\u0019c\"���\u0016f~�ɽ��\u0001�D\fΘg�q'9(n\b�D�6��]\u0016`*b\u0001z�W:��`���\u0005Ld/I:�\u0018ݵp\u0006J�ˆp8��\u000fB\u000e0�B�N�r3G�}�\u001aΨ\u0002�\u0006cL׀\u0004���zZ��Wu߾qv\u001f#SJ�Tl�r҄��\u0010\n�#�ަ�T��+�\u0014ӿ\b�נ$����?\u0011�MrC���E�w��]yBИ������\u0019\u000e�� \u0003TƖ��/�O\u0014��\t��$�Z?�JZ]����zq����[6C��\u000bͪ�J�6�\u0018e,R8e��؞�瘱{�\u0017��YK7!i�\"PզX�5�Q�\u0004ɔ��\u0005�p\u0018��<@L/\u0000CX\bmTy\u0001��,H\u000b�T��J�e�m(�-e`S\u0011/��\b�Ap�H\u0003j'\u001c�9ֻ>��H��Z5.�GP��?�Q���- �h�i�F\\R�\f�9��QJ��\u0001��r�\u0004i5ɂq�t\u007f�ht\u0013\u000e\u0002�=�\u0013:�J$P-G�\u0015Յ2:�[S�j�K\u0012�B�����OB�(�Ǩ_R�=����5�Ej�\u0007x���K�sE��L�\u0003/\u0007<�9��������r�%h'GYz\r\u001f��;��z|��z�|Ks���������\u007fTC�{t�R0����b��J^]I+���\u001e!��hw��~���k��\u000bPK\u0003\u0004\u0014\u0000\u0000\u0000\b\u0000C�kM\u0019g�2�\u0005\u0000\u0000�\u0015\u0000\u0000\u0014\u0000$\u0000Policy-WinDomain.ini\n\u0000 \u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0018\u0000����\u0002z�\u0001����\u0002z�\u0001����\u0002z�\u0001�X�o�6\u0010~v��\u000f|l\u0003ǵ���\u001a�!�#�@�\u0018v�n(��Hg��D�$����wGQ��3ֺ\u0001\u0011\f��������;���̄a����4K�e*\u0011ќe\\�\u0014,h6\u0011��Di�rɧBN�W!c�hXO�\\HƣH�Ҷ\u000e\u000f���\u0016I<I�#�fZe��\u0000\\B\u0003��#\u0017\u001ab�$.ạ����/��avƭ�J�E!��7t����_`����\u0000��.<_�#�\u0002I�\u001a�\u0003�\u0006�t-$[�\r�(�$*��E\u001ck0f��&�أ������z��[2u�d5\u001f�vO�|\u0002G[L11��GJF\"\u0011�\n��r��E'��\u0001Z˶B�Ġ��\u0013[�����֎X�Kv\u000f�d\u0010�� 
E��lX\tt�\u0013s�I�\"�\r�\r����LD3Z)Q�K�{��r\u000b\u001e\u001e�L\u0004w5ί���Uz^��N��\f�(2��`\f\\G�P�[ç`�?��ػ|�ݑ#\u000f<��|bs0��*���3\b4L���UW�T�\\\u0013�\u000eWk��Vyvx�OS�\u0011\f�K�\u001f\n\u0007�W,�%K��-\u0018�.�:gg�M��,~ş��v�5H��d\u0001�\tN\u000f\u000f.��\u0010S���u�(�\u001b\r̄bC��QnS`Ԅ99\f�E\u0007d\u0011����.\u0014��4E37\u0018lÆe�15L\\\ty�\u0013\u0011\u000b;\u001f�\u0016*\u000e>��n��9��\"&�\u0004��\b\f��\u0007ԋ�T,\u0005s\u0002i���H!$��w��r\u001b�n\u0004�\\vL9\u001d������ޟ�\\$\u0001�ɭ$.�m~����J����>m��=�N:��a�O�1;5�\\K\u0016)t\u0006�A��1a�E;B\u0018�C~\u0004V\u000b\u001fa���\u007f\u000e�7\u001a\u000e�\u001e���o`\u001f\u0001d����&�ꆲ�SH\u00048u$���K\u0012G���'e+N�Ã߯���x\b��8o�b�T�q9\u0005��5�\u001cY���<)\f�\u0015���\u00024�U$������O�3�xl��[*D\u0019И�1����\u000f�J?�\\\u0007ǝ-�nZ�}|rJպB\"d�z����P\f��2��.\u0007\r*:\u000bM� �T�d�e�:��'�-�7H\tXP�\u0011��'6�e�])���XZ�B��fy��Z4�ta�/@\u001f(��*ri���q\u0007�G�\u0010����{�\npaSp�9\u0010\u00159��)&^\u0015�\n��`<�\u0012o���a�{�b����h��\u0014\u007f;�\u0016�(�\u0005n�\\Ǣ�[�b�r ���M$\r��\u001c�\u000f�c�P\t�^\u0005\u001f\u001b�ȷ�\u0005K��%h�CY\u0019��Qt\u0011-\u0015#\u0017P��\u0016Y�@ib\u0019:^�\u0017>��7��\u000f<�s]�P���%�\u001d\u001aXX�Iѻ�BҪ�\nUw��.\\a钉��;�_�ھ��\u000b_&��\\�\u000b������^�WFšq\u001fu+q_6U-�;b�p\u0000�hH�N�\u000f�n�p��;H\u0010�:�\u0003\u0014��H��7�U��(���V��x�\u0005\\�����bP߾\u0000B�[E�>Z,�u\u0006�V�\u0002\u0007���\u000e�G݅�\b��\t���9�\u0001�CSP�\u0003�:K�֘�F�=����\u0019u��u5\u00188��z\u0006V�\"�l-6�:�� �ܠ\u0006��#-\u0006��<f��\u0004�EB��ڷ�\u0016���\u0004x�Kʃ����@�b���ɔ\u001aU��\b�\u007fOx�X:�������9\u0011�\\\u0017����%����[�Y{Ӯ6G\u007f͈O��?ab1\b~h7Vg�2\u0012�r�Ǒ�0t��b�;\u0018k*�*\u001cխU{�?U��von]���״�2\f8-�/RhY�����ɲ2>�\u007f\u0011k���_@N�,��\u001d�o34��\u0006�\u0013��E=.=��Tؠ㾏i���JŕP�{\u0011� 
���9Vys9���;̯��\u0019J��\u0001�����\u0007�oN���8t�\u0003PK\u0001\u0002-\u0000\u0014\u0000\u0000\u0000\b\u0000C�kMZ�\u0017Gf\u0002\u0000\u0000�\n\u0000\u0000\u0014\u0000$\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000Policy-WinDomain.xml\n\u0000 \u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0018\u0000����\u0002z�\u0001����\u0002z�\u0001����\u0002z�\u0001PK\u0001\u0002-\u0000\u0014\u0000\u0000\u0000\b\u0000C�kM\u0019g�2�\u0005\u0000\u0000�\u0015\u0000\u0000\u0014\u0000$\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000�\u0002\u0000\u0000Policy-WinDomain.ini\n\u0000 \u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0018\u0000����\u0002z�\u0001����\u0002z�\u0001����\u0002z�\u0001PK\u0005\u0006\u0000\u0000\u0000\u0000\u0002\u0000\u0002\u0000�\u0000\u0000\u0000�\b\u0000\u0000\u0000\u0000"
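Review bot: the `value:` on the `>` side is a raw ZIP archive pasted into a YAML string (the `PK` signatures and the member names Policy-WinDomain.xml and Policy-WinDomain.ini are readable), and many of its bytes are already replacement characters, so it can no longer be decoded. `value: "trimmed"` on the `<` side is the better form; a short `description` on that example stating that the real response body is a ZIP file would make the placeholder self-explanatory.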
2253,2254d2235
< schema:
< type: string
2361,2362d2341
< schema:
< type: string
2529,2691c2508,2670
< # "/PasswordVault/WebServices/PIMServices.svc/Account/{ACLAddress|ACLUserName|ACLPolicyID}/PrivilegedCommands":
< # get:
< # tags:
< # - OPM Commands
< # - Account
< # summary: List Account/ACL
< # description: This method gets a list of the privileged commands (OPM rules) associated with this account.
< # operationId: listAccountAcl
< # responses:
< # "200":
< # description: ""
< # "500":
< # description: 500 Internal Server Error (ACLAddress Required)
< # headers:
< # CA-ErrorMessage:
< # schema:
< # type: string
< # example: Input parameter AccountAddress is obligatory. Please fix it and try again.
< # CA-ErrorMessageBase64Encoded:
< # schema:
< # type: string
< # example: SW5wdXQgcGFyYW1ldGVyIEFjY291bnRBZGRyZXNzIGlzIG9ibGlnYXRvcnkuIFBsZWFzZSBmaXggaXQgYW5kIHRyeSBhZ2Fpbi4=
< # Cache-Control:
< # schema:
< # type: string
< # example: "no-cache, no-store, must-revalidate"
< # Content-Length:
< # schema:
< # type: string
< # example: "118"
< # Date:
< # schema:
< # type: string
< # example: "Mon, 05 Jun 2017 21:08:01 GMT"
< # Expires:
< # schema:
< # type: string
< # example: "-1"
< # Pragma:
< # schema:
< # type: string
< # example: no-cache
< # Server:
< # schema:
< # type: string
< # example: Microsoft-IIS/8.5
< # Set-Cookie:
< # schema:
< # type: string
< # example: mobileState=Desktop; path=/PasswordVault/; HttpOnly
< # X-Frame-Options:
< # schema:
< # type: string
< # example: SAMEORIGIN
< # X-UA-Compatible:
< # schema:
< # type: string
< # example: IE=EmulateIE8
< # content:
< # application/json:
< # schema:
< # type: object
< # properties:
< # ErrorCode:
< # type: string
< # example: CAWS00001E
< # ErrorMessage:
< # type: string
< # example: Input parameter AccountAddress is obligatory. Please fix it and try again.
< # examples:
< # 500 Internal Server Error (ACLAddress Required):
< # value:
< # ErrorCode: CAWS00001E
< # ErrorMessage: Input parameter AccountAddress is obligatory. Please fix it and try again.
< # put:
< # tags:
< # - OPM Commands
< # - Account
< # summary: Add Account/ACL
< # description: This method adds a new privileged command rule to the account.
< # operationId: addAccountAcl
< # requestBody:
< # content:
< # application/json:
< # schema:
< # type: object
< # properties:
< # Command:
< # type: string
< # example: /bin/sh
< # CommandGroup:
< # type: boolean
< # example: false
< # PermissionType:
< # type: string
< # example: Deny
< # Restrictions:
< # type: string
< # example: ""
< # UserName:
< # type: string
< # example: "*"
< # example:
< # Command: /bin/sh
< # CommandGroup: false
< # PermissionType: Deny
< # Restrictions: ""
< # UserName: "*"
< # responses:
< # "200":
< # description: ""
< # parameters:
< # - name: ACLAddress
< # in: path
< # required: true
< # schema:
< # type: string
< # - name: ACLUserName
< # in: path
< # required: true
< # schema:
< # type: string
< # - name: ACLPolicyID
< # in: path
< # required: true
< # schema:
< # type: string
< # "/PasswordVault/WebServices/PIMServices.svc/Account/{ACLAddress}|{ACLUserName}|{ACLPolicyID}/PrivilegedCommands/":
< # delete:
< # tags:
< # - OPM Commands
< # - Account
< # summary: Delete Account/ACL
< # description: This method deletes privileged commands rules associated with the account.
< # operationId: deleteAccountAcl
< # parameters:
< # - name: id
< # in: query
< # schema:
< # type: string
< # example: "1"
< # requestBody:
< # content:
< # application/octet-stream: {}
< # responses:
< # "200":
< # description: ""
< # parameters:
< # - name: ACLAddress
< # in: path
< # required: true
< # schema:
< # type: string
< # - name: ACLUserName
< # in: path
< # required: true
< # schema:
< # type: string
< # - name: ACLPolicyID
< # in: path
< # required: true
< # schema:
< # type: string
---
> "/PasswordVault/WebServices/PIMServices.svc/Account/{ACLAddress}|{ACLUserName}|{ACLPolicyID}/PrivilegedCommands":
> get:
> tags:
> - OPM Commands
> - Account
> summary: List Account/ACL
> description: This method gets a list of the privileged commands (OPM rules) associated with this account.
> operationId: listAccountAcl
> responses:
> "200":
> description: ""
> "500":
> description: 500 Internal Server Error (ACLAddress Required)
> headers:
> CA-ErrorMessage:
> schema:
> type: string
> example: Input parameter AccountAddress is obligatory. Please fix it and try again.
> CA-ErrorMessageBase64Encoded:
> schema:
> type: string
> example: SW5wdXQgcGFyYW1ldGVyIEFjY291bnRBZGRyZXNzIGlzIG9ibGlnYXRvcnkuIFBsZWFzZSBmaXggaXQgYW5kIHRyeSBhZ2Fpbi4=
> Cache-Control:
> schema:
> type: string
> example: "no-cache, no-store, must-revalidate"
> Content-Length:
> schema:
> type: string
> example: "118"
> Date:
> schema:
> type: string
> example: "Mon, 05 Jun 2017 21:08:01 GMT"
> Expires:
> schema:
> type: string
> example: "-1"
> Pragma:
> schema:
> type: string
> example: no-cache
> Server:
> schema:
> type: string
> example: Microsoft-IIS/8.5
> Set-Cookie:
> schema:
> type: string
> example: mobileState=Desktop; path=/PasswordVault/; HttpOnly
> X-Frame-Options:
> schema:
> type: string
> example: SAMEORIGIN
> X-UA-Compatible:
> schema:
> type: string
> example: IE=EmulateIE8
> content:
> application/json:
> schema:
> type: object
> properties:
> ErrorCode:
> type: string
> example: CAWS00001E
> ErrorMessage:
> type: string
> example: Input parameter AccountAddress is obligatory. Please fix it and try again.
> examples:
> 500 Internal Server Error (ACLAddress Required):
> value:
> ErrorCode: CAWS00001E
> ErrorMessage: Input parameter AccountAddress is obligatory. Please fix it and try again.
> put:
> tags:
> - OPM Commands
> - Account
> summary: Add Account/ACL
> description: This method adds a new privileged command rule to the account.
> operationId: addAccountAcl
> requestBody:
> content:
> application/json:
> schema:
> type: object
> properties:
> Command:
> type: string
> example: /bin/sh
> CommandGroup:
> type: boolean
> example: false
> PermissionType:
> type: string
> example: Deny
> Restrictions:
> type: string
> example: ""
> UserName:
> type: string
> example: "*"
> example:
> Command: /bin/sh
> CommandGroup: false
> PermissionType: Deny
> Restrictions: ""
> UserName: "*"
> responses:
> "200":
> description: ""
> parameters:
> - name: ACLAddress
> in: path
> required: true
> schema:
> type: string
> - name: ACLUserName
> in: path
> required: true
> schema:
> type: string
> - name: ACLPolicyID
> in: path
> required: true
> schema:
> type: string
> "/PasswordVault/WebServices/PIMServices.svc/Account/{ACLAddress}|{ACLUserName}|{ACLPolicyID}/PrivilegedCommands/":
> delete:
> tags:
> - OPM Commands
> - Account
> summary: Delete Account/ACL
> description: This method deletes privileged commands rules associated with the account.
> operationId: deleteAccountAcl
> parameters:
> - name: id
> in: query
> schema:
> type: string
> example: "1"
> requestBody:
> content:
> application/octet-stream: {}
> responses:
> "200":
> description: ""
> parameters:
> - name: ACLAddress
> in: path
> required: true
> schema:
> type: string
> - name: ACLUserName
> in: path
> required: true
> schema:
> type: string
> - name: ACLPolicyID
> in: path
> required: true
> schema:
> type: string
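Review bot: the first commented-out key on the `<` side reads `{ACLAddress|ACLUserName|ACLPolicyID}`, which is not the same template as the `>` side's `{ACLAddress}|{ACLUserName}|{ACLPolicyID}`, so uncommenting the block later would not restore the original path. Commenting out all three operations (`listAccountAcl`, `addAccountAcl`, `deleteAccountAcl`) also drops the OPM command endpoints from any generated client with no explanation; add a one-line comment above the block saying why they are disabled. The two path keys on the `>` side differ only by a trailing slash, which is worth recording as well.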
2766c2745
< example: "41_4"
---
> example: 41_4
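Review bot: the quotes on the `<` side of `example: "41_4"` are needed, not cosmetic: a YAML 1.1 parser reads unquoted `41_4` as the integer 414, because underscores act as digit separators there, so the `>` form can silently change the account ID. The same holds for the other IDs of this shape in the diff (`29_7`, `24_3`, `29_3`); keep them all quoted.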
2818c2797
< - AccountID: "41_4"
---
> - AccountID: 41_4
2852c2831
< - AccountID: "41_4"
---
> - AccountID: 41_4
2969,2971c2948
< application/octet-stream:
< schema:
< type: string
---
> application/octet-stream: {}
3325,3326d3301
< schema:
< type: string
3344,3346c3319
< application/octet-stream:
< schema:
< type: string
---
> application/octet-stream: {}
3507,3508d3479
< schema:
< type: string
3527,3529c3498
< application/octet-stream:
< schema:
< type: string
---
> application/octet-stream: {}
3764,3766c3733
< application/octet-stream:
< schema:
< type: string
---
> application/octet-stream: {}
3971,3972d3937
< schema:
< type: string
4086,4087d4050
< schema:
< type: string
4217,4218d4179
< schema:
< type: string
4240,4241d4200
< schema:
< type: string
4483,4484d4441
< schema:
< type: string
4621,4622d4577
< schema:
< type: string
4989,4990d4943
< schema:
< type: string
5194c5147
< example: "29_7"
---
> example: 29_7
5239c5192
< id: "29_7"
---
> id: 29_7
5381c5334
< example: "24_3"
---
> example: 24_3
5414c5367
< id: "24_3"
---
> id: 24_3
5547c5500
< example: "29_3"
---
> example: 29_3
5577c5530
< id: "29_3"
---
> id: 29_3
5604,5605d5556
< schema:
< type: string
5683,5684d5633
< schema:
< type: string
5753,5755c5702
< application/octet-stream:
< schema:
< type: string
---
> application/octet-stream: {}
6602,6603d6548
< schema:
< type: string
6736,6737d6680
< schema:
< type: string
8328,8329d8270
< schema:
< type: string
12369c12310
< - name: Public SSH Authentication
---
> - name: Public SSH Authentication
\ No newline at end of file
---
openapi: 3.0.3
info:
  title: "CyberArk REST API [PUBLIC]"
  description: "All available requests in CyberArk Privileged Account Security Web Services for All Versions\n\n**Last Updated Version:** v11.7\n\n# THIS IS UNOFFICIAL DOCUMENTATION\n\n## New Features & Additions\n\n* Bulk Upload Accounts endpoints now available in Accounts > Bulk Upload Accounts.\n* Authentication Methods can be managed via API.\n* All Platform Management can be managed via API.\n* Initial documentation of CyberArk's IDaptive Identity Platform API is available within the \"IDaptive Identity Platform\" folder.\n\nHappy automating!\n\n## Getting Started Guide\n\n[Getting Started with REST Using Postman](https://github.com/infamousjoeg/CyberArk-RESTAPI/blob/master/Getting%20Started%20with%20REST%20Using%20Postman.pdf) (PDF)\n\n## Community Tools\n\n* [psPAS](https://github.com/pspete/psPAS) - PowerShell Module for CyberArk's REST API\n* [CredentialRetriever](https://github.com/pspete/CredentialRetriever) - PowerShell Module for CyberArk's Application Access Manager (AAM)\n* [pyAIM](https://github.com/infamousjoeg/pyAIM) - Python Client Library for CyberArk's Application Access Manager (AAM)\n\n## Code Examples\n\n* [cyberark/epv-api-scripts](https://github.com/cyberark/epv-api-scripts)\n* [infamousjoeg on GitHub](https://github.com/infamousjoeg?tab=repositories)\n* [CyberArk's Automation Greatest Hits (Awesome List of Automation)](https://cybr.rocks/greatesthits)\n\n## YouTube Videos Playlist\n\n* [CyberArk Videos Playlist Curated by InfamousJoeG](https://www.youtube.com/playlist?list=PL-p_9AwMQDmkS6rCXQrINn0Xc7dv73dWU)\n\n## Maintainer\n\n[Joe Garcia](https://github.com/infamousjoeg)\n\n[Buy me a coffee](https://www.buymeacoffee.com/infamousjoeg)\n\n## Status Codes\n\n| Status Name | Status Code | Status Description |\n|---|---|---|\n| Success | 200 | The request succeeded. The actual response will depend on the request method used. |\n| Created | 201 | The request was fulfilled and resulted in a new resource being created. |\n| Bad Request | 400 | The request could not be understood by the server due to incorrect syntax. |\n| Unauthorized | 401 | The request requires user authentication. |\n| Forbidden | 403 | The server received and understood the request, but will not fulfill it. Authorization will not help and the request MUST NOT be repeated. |\n| Not Found | 404 | The server did not find anything that matches the Request-URI. No indication is given of whether the condition is temporary or permanent. |\n| Conflict | 409 | The request could not be completed due to a conflict with the current state of the resource. |\n| Internal Server Error | 500 | The server encountered an unexpected condition which prevented it from fulfilling the request. |\n\n_NOTE: If you are having issues with DEL or PUT methods, make sure that your Password Vault Web Access (PVWA) Server's IIS instance does not include WebDav Publishing. This will cause known issues._"
  version: 1.0.0
  contact: {}
servers:
  - url: "{{BaseURL}}"
  - url: "https://{{BaseURL}}"
  - url: "{{PTABaseURL}}"
paths:
  /AIMWebService/api/Accounts:
    get:
      tags:
        - Central Credential Provider (CCP)
      summary: GetPassword
      description: "GetPassword – This service enables applications to retrieve passwords from the\r\nCentral Credential Provider.\r\n\r\n- AppID (REQUIRED)\r\n - Specifies the unique ID of the application issuing the password request.\r\n- Safe\r\n - Specifies the name of the Safe where the password is stored.\r\n- Folder\r\n - Specifies the name of the folder where the password is stored. (Default: Root)\r\n- Object\r\n - Specifies the name of the password object to retrieve.\r\n- UserName\r\n - Defines search criteria according to the UserName account property.\r\n- Address\r\n - Defines search criteria according to the Address account property.\r\n- Database\r\n - Defines search criteria according to the Database account property.\r\n- PolicyID\r\n - Defines the format that will be used in the setPolicyID method.\r\n- Reason\r\n - The reason for retrieving the password. This reason will be audited in the Credential Provider audit log.\r\n- ConnectionTimeout\r\n - The number of seconds that the Central Credential Provider will try to retrieve the password. The timeout is calculated when the request is sent from the web service to the Vault and returned back to the web service.\r\n - 30 (Default)\r\n- Query\r\n - Defines a free query using account properties, including Safe, folder, and object. When this method is specified, all other search criteria (Safe/Folder/Object/UserName/Address/PolicyID/Database) are ignored and only the account properties that are specified in the query are passed to the Central Credential Provider in the password request.\r\n- QueryFormat\r\n - Defines the query format, which can optionally use regular expressions.\r\n - Possible values are:\r\n - Exact (Default)\r\n - Regexp\r\n- FailedRequestOnPasswordChange\r\n - Whether or not an error will be returned if this web service is called when a password change process is underway.\r\n - True\r\n - False (Default)"
      operationId: getPassword
      parameters:
        - name: AppID
          in: query
          schema:
            type: string
            example: "{{AppID}}"
        - name: Safe
          in: query
          schema:
            type: string
            example: "{{Safe}}"
        - name: Object
          in: query
          schema:
            type: string
            example: "{{ObjectName}}"
        - name: Username
          in: query
          schema:
            type: string
            example: "{{UserName}}"
      requestBody:
        content:
          application/form-urlencoded:
            schema:
              type: object
              properties: {}
            example: {}
      responses:
        "200":
          description: ""
  /API/AccountGroups/:
    post:
      tags:
        - Accounts
        - Account Groups
      summary: Add Account Group
      description: "This method enables application managers to define a new account group automatically, and manage accounts as part of a group.\n\nTo create an account group, users require the following permissions in the Safe where the group is created:\n* Add accounts\n* Update account content\n* Update account properties\n* Create folders\n\n**Note:** _The following characters are not supported in URL values in the Body:_ **+ & % #**"
      operationId: addAccountGroup
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                GroupName:
                  type: string
                  example: "{{GroupName}}"
                GroupPlatform:
                  type: string
                  example: "{{PlatformID}}"
                Safe:
                  type: string
                  example: "{{Safe}}"
            example:
              GroupName: "{{GroupName}}"
              GroupPlatform: "{{PlatformID}}"
              Safe: "{{Safe}}"
      responses:
        "200":
          description: ""
  "/API/AccountGroups/{GroupName}/Members":
    post:
      tags:
        - Accounts
        - Account Groups
      summary: Add Account to Account Group
      description: "This method adds an account as a member to an existing account group. The account can contain either a password or SSH key. All members of an account group must be stored in the same Safe as the group itself.\n\nTo add an account as a member to an account group, users require the following permissions to the Safe where the group is created:\n* Add accounts\n* Update account content\n* Update account properties\n\n**Note:** _The following characters are not support in URL values in the Body:_ **+ & % #**"
      operationId: addAccountToAccountGroup
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                AccountID:
                  type: string
                  example: "{{AccountID}}"
            example:
              AccountID: "{{AccountID}}"
      responses:
        "200":
          description: ""
    parameters:
      - name: GroupName
        in: path
        required: true
        schema:
          type: string
  /API/Platforms/Import:
    post:
      tags:
        - Platforms
      summary: Import Platform
      description: This method enables administrators to import new platforms and dependencies.
      operationId: importPlatform
      requestBody:
        content:
          text/plain:
            schema:
              type: string
              example: "{\n\t\"ImportFile\": {zip file in the format of BASE 64 array}\n}"
      responses:
        "200":
          description: ""
  /PasswordVault/API/AccountGroups:
    get:
      tags:
        - Accounts
        - Account Groups
      summary: Get Account Group by Safe
      description: "This method returns all the account groups in a specific Safe. The user performing this task must have the following permissions in the Safe:\r\n\r\n* Add accounts\r\n* Update account content\r\n* Update account properties\r\n* Create folders"
      operationId: getAccountGroupBySafe
      parameters:
        - name: Safe
          in: query
          schema:
            type: string
            example: "{{Safe}}"
      responses:
        "200":
          description: ""
  "/PasswordVault/API/AccountGroups/{GroupName}/Members":
    get:
      tags:
        - Accounts
        - Account Groups
      summary: Get Account Group Members
      description: "This method returns all the members of an existing account group. These accounts can be either password accounts or SSH Key accounts.\n\n__NOTE: All members of account groups must be stored in the same Safe as the group itself.__\n\nThe user performing this task must have the following permissions in the Safe:\n\n* Add accounts\n* Update account content\n* Update account properties\n* Create folders"
      operationId: getAccountGroupMembers
      responses:
        "200":
          description: ""
    parameters:
      - name: GroupName
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/AccountGroups/{GroupName}/Members/{AccountID}":
    delete:
      tags:
        - Accounts
        - Account Groups
      summary: Delete Member from Account Group
      description: "This method removes an account member from an account group. This account can be either a password account or an SSH Key account.\r\n\r\nThe user performing this task must have the following permissions in the Safe:\r\n\r\n* Add accounts\r\n* Update account content\r\n* Update account properties\r\n* Create folders"
      operationId: deleteMemberFromAccountGroup
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties: {}
            example: {}
      responses:
        "200":
          description: ""
    parameters:
      - name: GroupName
        in: path
        required: true
        schema:
          type: string
      - name: AccountID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/Accounts/{AccountID}/Change":
    post:
      tags:
        - Accounts
        - Account Actions
        - v1 API1
      summary: "Change Credentials Immediately [v9.10+]"
      description: "This method marks an account for an immediate credentials change by the CPM to a new random value.\r\n\r\nThe user who runs this web service requires the following permission in the Safe where the privileged account is stored:\r\n\r\n* Initiate CPM password management operations"
      operationId: changeCredentialsImmediatelyV910
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                ChangeEntireGroup:
                  type: string
                  example: "true"
            example:
              ChangeEntireGroup: "true"
      responses:
        "200":
          description: ""
    parameters:
      - name: AccountID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/Accounts/{AccountID}/CheckIn":
    post:
      tags:
        - Accounts
        - Account Actions
        - v2 API1
      summary: Check In an Exclusive Account
      description: "This method checks an exclusive account into the Vault.\n\n* If the account is managed automatically by the CPM, after it is checked in, the password is changed immediately.\n* If the account is managed manually, a notification is sent to a user who is authorized to change the password. The account is checked in automatically after it has been changed.\n\nThe user who runs this web service requires the following permission in the Safe where the privileged account is stored:\n\n* Initiate CPM password management operations"
      operationId: checkInAnExclusiveAccount
      responses:
        "200":
          description: ""
    parameters:
      - name: AccountID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/Accounts/{AccountID}/PSMConnect":
    post:
      tags:
        - Accounts
        - Account Actions
        - v2 API1
      summary: Connect Using PSM
      description: "This method enables you to connect to an account through PSM (PSMConnect) using a connection method defined in the PVWA.\n\nA response header defines which connection method is returned.\n\nFor more information, refer to [Privileged Session Management Interface](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Configuring-the-Privileged-Session-Management-Interface.htm).\n\n## Header Parameter\n\nParameter: Accept\n\nType: String\n\nDescription: The table below describes the expected response format depending on the value of the Accept header in the request, per connection method configuration (RDP File or PSM Gateway).\n\n| PVWA configuration | Optional values | Connection method |\n| --- | --- | --- |\n| RDP | application/json, application/octet-stream (default), `*/ *` | RDPFile (JSON), RDPFile (octet-stream raw) |\n| PSMGW | `* / *` | PSMGW (JSON) - Returns the HTML5 connection data. |\n\n**Note:** To use PSMGW, PSMGW must be configured before using this REST API in order to receive a PSMGW response."
      operationId: connectUsingPsm
      requestBody:
        content:
          text/plain:
            schema:
              type: string
              example: "{\n\t\"reason\":\"<Reason>\",\n\t\"TicketingSystemName\":\"<Ticketing system>\",\n\t\"TicketId\":\"<Ticketid>\",\n\t\"ConnectionComponent\":\"<Connection component id>\",\n\t\"ConnectionParams\": {\n\t\t\"<Connection parameter name>\": {\n\t\t\t\"value\":\"<Connection parameter value>\",\n\t\t\t\"ShouldSave\":<true\\false>\n\t\t},\n\t\t\"<Connection parameter name>\": {\n\t\t\t\"value\":\"<Connection parameter value>\",\n\t\t\t\"ShouldSave\":<true\\false>\n\t\t}\n\t}\n}"
      responses:
        "200":
          description: ""
    parameters:
      - name: AccountID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/Accounts/{AccountID}/Password/Update":
    post:
      tags:
        - Accounts
        - Account Actions
        - v1 API1
      summary: "Change Credentials in the Vault [v10]"
      description: "This method enables users to set the account's credentials and change it in the Vault.\r\n\r\nThis will not affect the credentials on the target device.\r\nThe user who runs this web service requires the following permission in the Safe where the privileged account is stored:\r\n\r\n* Update password value"
      operationId: changeCredentialsInTheVaultV10
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                AutoGenerate:
                  type: string
                  example: "true"
                ChangeCredsForGroup:
                  type: string
                  example: "true"
                NewCredentials:
                  type: string
                  example: ""
            example:
              AutoGenerate: "true"
              ChangeCredsForGroup: "true"
              NewCredentials: ""
      responses:
        "200":
          description: ""
    parameters:
      - name: AccountID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/Accounts/{AccountID}/Reconcile":
    post:
      tags:
        - Accounts
        - Account Actions
        - v1 API1
      summary: "Reconcile Credentials [v9.10+]"
      description: "This method marks an account for automatic reconciliation by the CPM.\r\n\r\nThe user who runs this web service requires the following permission in the Safe where the privileged account is stored:\r\n\r\n* Initiate CPM password management operations"
      operationId: reconcileCredentialsV910
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties: {}
            example: {}
      responses:
        "200":
          description: ""
    parameters:
      - name: AccountID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/Accounts/{AccountID}/SetNextPassword":
    post:
      tags:
        - Accounts
        - Account Actions
        - v1 API1
      summary: "Change Credentials and Set Next Password [v10]"
      description: "This method enables users to set the account's credentials to use for the next CPM change.\r\n\r\nThe user who runs this web service requires the following permissions in the Safe where the privileged account is stored:\r\n\r\n* Initiate CPM password management operations\r\n* Specify next password value"
      operationId: changeCredentialsAndSetNextPasswordV10
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                ChangeImmediately:
                  type: string
                  example: "true"
                NewCredentials:
                  type: string
                  example: Cyberark1
            example:
              ChangeImmediately: "true"
              NewCredentials: Cyberark1
      responses:
        "200":
          description: ""
    parameters:
      - name: AccountID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/Accounts/{AccountID}/Verify":
    post:
      tags:
        - Accounts
        - Account Actions
        - v1 API1
      summary: "Verify Credentials [v9.10+]"
      description: "This method marks an account for verification by the CPM, and can be used in versions from v9.10.\r\n\r\nThe user who runs this web service requires the following permission in the Safe where the privileged account is stored:\r\n\r\n* Initiate CPM password management operations"
      operationId: verifyCredentialsV910
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties: {}
            example: {}
      responses:
        "200":
          description: ""
    parameters:
      - name: AccountID
        in: path
        required: true
        schema:
          type: string
  /PasswordVault/API/Auth/CyberArk/Logon:
    post:
      tags:
        - Authentication
        - v2 API123
      summary: Logon - CyberArk Authentication
      description: "This method authenticates a user to the Vault and returns a token that can be used in subsequent web services calls. In addition, this method enables you to set a new password."
      operationId: logonCyberArkAuthentication
      requestBody:
        content:
          text/plain:
            schema:
              type: string
              example: "{\n\t\"username\": \"{{apiUsername}}\",\n\t\"password\": \"{{apiPassword}}\",\n\t\"newPassword\": \"<optional>\",\n\t\"concurrentSession\": \"false\" // v11.3\n}"
      responses:
        "200":
          description: 200 OK
          headers:
            Access-Control-Expose-Headers:
              schema:
                type: string
                example: Warning
            Cache-Control:
              schema:
                type: string
                example: "no-cache, no-store, must-revalidate"
            Content-Length:
              schema:
                type: string
                example: "182"
            Date:
              schema:
                type: string
                example: "Sun, 11 Nov 2018 20:50:14 GMT"
            Expires:
              schema:
                type: string
                example: "-1"
            Pragma:
              schema:
                type: string
                example: no-cache
            Server:
              schema:
                type: string
                example: Microsoft-IIS/10.0
            Set-Cookie:
              schema:
                type: string
                example: CA55555=cyberark; path=/PasswordVault/; secure; HttpOnly
            Strict-Transport-Security:
              schema:
                type: string
                example: max-age=31536000; includeSubDomains
            X-Content-Type-Options:
              schema:
                type: string
                example: nosniff
            X-FRAME-Options:
              schema:
                type: string
                example: SAMEORIGIN
            X-UA-Compatible:
              schema:
                type: string
                example: IE=EmulateIE8
            X-XSS-Protection:
              schema:
                type: string
                example: 1; mode=block
          content:
            application/octet-stream:
              schema:
                type: string
              examples:
                200 OK:
                  value: "\"OTc5NjZlZDUtZDY0YS00N2RmLThiNjYtM2FhMWE5YzMwMWEwO0M3OEVBNTNGRjY1OEEzMDM7MDAwMDAwMDI4QzE1Mzk4RkIxQTU2MkNEMUQ0RTkxQTZGQTgxRkM2QTA2NTU0RTQ4NEQwMEQ5ODVERDhFRDQ1MjM3RkQzMkY1MDAwMDAwMDA7\""
  /PasswordVault/API/Auth/LDAP/Logon:
    post:
      tags:
        - Authentication
        - v2 API123
      summary: Logon - LDAP Authentication
      description: "This method authenticates a user to the Vault and returns a token that can be used in subsequent web services calls. In addition, this method enables you to set a new password."
      operationId: logonLdapAuthentication
      requestBody:
        content:
          text/plain:
            schema:
              type: string
              example: "{\n\t\"username\": \"{{apiUsername}}\",\n\t\"password\": \"{{apiPassword}}\",\n\t\"newPassword\": \"<optional>\",\n\t\"concurrentSession\": \"false\" // v11.3\n}"
      responses:
        "200":
          description: ""
  /PasswordVault/API/Auth/Logoff:
    post:
      tags:
        - Authentication
        - v2 API123
      summary: Logoff
      description: This method logs off the user and removes the Vault session.
      operationId: logoff1
      requestBody:
        content:
          application/octet-stream:
            schema:
              type: string
      responses:
        "200":
          description: 200 OK
          headers:
            Access-Control-Expose-Headers:
              schema:
                type: string
                example: Warning
            Cache-Control:
              schema:
                type: string
                example: "no-cache, no-store, must-revalidate"
            Content-Length:
              schema:
                type: string
                example: "16"
            Date:
              schema:
                type: string
                example: "Sun, 11 Nov 2018 20:51:24 GMT"
            Expires:
              schema:
                type: string
                example: "-1"
            Pragma:
              schema:
                type: string
                example: no-cache
            Server:
              schema:
                type: string
                example: Microsoft-IIS/10.0
            Set-Cookie:
              schema:
                type: string
                example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
            Strict-Transport-Security:
              schema:
                type: string
                example: max-age=31536000; includeSubDomains
            X-Content-Type-Options:
              schema:
                type: string
                example: nosniff
            X-FRAME-Options:
              schema:
                type: string
                example: SAMEORIGIN
            X-UA-Compatible:
              schema:
                type: string
                example: IE=EmulateIE8
            X-XSS-Protection:
              schema:
                type: string
                example: 1; mode=block
          content:
            application/json:
              schema:
                type: object
                properties:
                  LogoffUrl:
                    type: string
                    example: ""
              examples:
                200 OK:
                  value:
                    LogoffUrl: ""
  /PasswordVault/API/Auth/radius/Logon:
    post:
      tags:
        - Authentication
        - v2 API123
      summary: Logon - RADIUS Authentication
description: "This method authenticates a user to the Vault and returns a token that can be used in subsequent web services calls. In addition, this method enables you to set a new password."
operationId: logonRadiusAuthentication
requestBody:
content:
application/json:
schema:
type: object
properties:
Password:
type: string
example: "{{apiPassword}}"
Username:
type: string
example: "{{apiUsername}}"
concurrentSessions:
type: string
example: "false"
example:
Password: "{{apiPassword}}"
Username: "{{apiUsername}}"
concurrentSessions: "false"
responses:
"200":
description: ""
"/PasswordVault/API/ComponentsMonitoringDetails/{ComponentsID}":
get:
tags:
- System Health
summary: System Details
description: "This method returns details about specific components and all their installed instances, and system health information for each one.\n\n_Valid ComponentsID values: PVWA/SessionManagement/CPM/AIM_"
operationId: systemDetails
responses:
"200":
description: 200 OK (AIM)
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "200"
Date:
schema:
type: string
example: "Sun, 11 Nov 2018 21:22:30 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
ComponentsDetails:
type: array
items:
type: object
properties:
ComponentIP:
type: string
example: 192.168.3.108
ComponentSpecificStat:
type: number
example: -1
ComponentUserName:
type: string
example: Prov_COMPONENTS2016
ComponentVersion:
type: string
example: 10.5.0.23
IsLoggedOn:
type: boolean
example: true
LastLogonDate:
type: number
example: 1541898221
example:
- ComponentIP: 192.168.3.108
ComponentSpecificStat: -1
ComponentUserName: Prov_COMPONENTS2016
ComponentVersion: 10.5.0.23
IsLoggedOn: true
LastLogonDate: 1541898221
examples:
200 OK (AIM):
value:
ComponentsDetails:
- ComponentIP: 192.168.3.108
ComponentSpecificStat: -1
ComponentUserName: Prov_COMPONENTS2016
ComponentVersion: 10.5.0.23
IsLoggedOn: true
LastLogonDate: 1541898221
parameters:
- name: ComponentsID
in: path
required: true
schema:
type: string
/PasswordVault/API/ComponentsMonitoringSummary:
get:
tags:
- System Health
summary: System Summary
description: "This method returns consolidated information about the Vault, PVWA, CPM, PSM/PSMP, and AIM, including all clients that are relevant to each specific component."
operationId: systemSummary
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "742"
Date:
schema:
type: string
example: "Sun, 11 Nov 2018 21:23:03 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
Components:
type: array
items:
type: object
properties:
ComponentID:
type: string
example: PVWA
ComponentName:
type: string
example: PVWA
ComponentSpecificStat:
type: number
example: 1
ComponentTotalCount:
type: number
example: 1
ConnectedComponentCount:
type: number
example: 1
Description:
type: string
example: Active Users
example:
- ComponentID: PVWA
ComponentName: PVWA
ComponentSpecificStat: 1
ComponentTotalCount: 1
ConnectedComponentCount: 1
Description: Active Users
- ComponentID: CPM
ComponentName: CPM
ComponentSpecificStat: 32
ComponentTotalCount: 1
ConnectedComponentCount: 1
Description: Managed Accounts
- ComponentID: SessionManagement
ComponentName: PSM/PSMP
ComponentSpecificStat: 0
ComponentTotalCount: 2
ConnectedComponentCount: 2
Description: Concurrent Sessions
- ComponentID: AIM
ComponentName: AIM Credential Provider
ComponentSpecificStat: 4
ComponentTotalCount: 1
ConnectedComponentCount: 1
Description: Applications
Vaults:
type: array
items:
type: object
properties:
IP:
type: string
example: 192.168.3.101
IsLoggedOn:
type: boolean
example: true
Role:
type: string
example: Primary
example:
- IP: 192.168.3.101
IsLoggedOn: true
Role: Primary
examples:
200 OK:
value:
Components:
- ComponentID: PVWA
ComponentName: PVWA
ComponentSpecificStat: 1
ComponentTotalCount: 1
ConnectedComponentCount: 1
Description: Active Users
- ComponentID: CPM
ComponentName: CPM
ComponentSpecificStat: 32
ComponentTotalCount: 1
ConnectedComponentCount: 1
Description: Managed Accounts
- ComponentID: SessionManagement
ComponentName: PSM/PSMP
ComponentSpecificStat: 0
ComponentTotalCount: 2
ConnectedComponentCount: 2
Description: Concurrent Sessions
- ComponentID: AIM
ComponentName: AIM Credential Provider
ComponentSpecificStat: 4
ComponentTotalCount: 1
ConnectedComponentCount: 1
Description: Applications
Vaults:
- IP: 192.168.3.101
IsLoggedOn: true
Role: Primary
/PasswordVault/API/ConnectionComponents/Import:
post:
tags:
- Session Management
summary: Import Connection Component
description: This method enables administrators to import a new connection component.
operationId: importConnectionComponent
requestBody:
content:
text/plain:
schema:
type: string
example: "{\n \"ImportFile\": {zip file byte array}\n}"
responses:
"200":
description: ""
/PasswordVault/API/IncomingRequests:
get:
tags:
- Requests
- Confirm Requests
summary: Get Incoming Request List
description: This method returns a list of all the requests for the confirmer to respond to.
operationId: getIncomingRequestList
parameters:
- name: onlywaiting
in: query
schema:
type: string
example: "false"
- name: expired
in: query
schema:
type: string
example: "false"
responses:
"200":
description: ""
"/PasswordVault/API/IncomingRequests/{RequestID}":
get:
tags:
- Requests
- Confirm Requests
summary: Get Details of a Request for Confirmation
description: This method returns details of a specific request in the Incoming Requests list.
operationId: getDetailsOfARequestForConfirmation
responses:
"200":
description: ""
parameters:
- name: RequestID
in: path
required: true
schema:
type: string
"/PasswordVault/API/IncomingRequests/{RequestID}/Confirm":
post:
tags:
- Requests
- Confirm Requests
summary: Confirm Request
description: "This method enables a request confirmer to confirm a single request, identified by its request ID."
operationId: confirmRequest
requestBody:
content:
application/json:
schema:
type: object
properties:
Reason:
type: string
example: "Automatically accepted via CyberArk Web Services on {{$timestamp}}"
example:
Reason: "Automatically accepted via CyberArk Web Services on {{$timestamp}}"
responses:
"200":
description: ""
parameters:
- name: RequestID
in: path
required: true
schema:
type: string
"/PasswordVault/API/IncomingRequests/{RequestID}/Reject":
post:
tags:
- Requests
- Confirm Requests
summary: Reject Request
description: "This method enables a request confirmer to reject a single request, identified by its request ID."
operationId: rejectRequest
requestBody:
content:
application/json:
schema:
type: object
properties:
Reason:
type: string
example: "Rejected automatically by CyberArk Web Services on {{$timestamp}}"
example:
Reason: "Rejected automatically by CyberArk Web Services on {{$timestamp}}"
responses:
"200":
description: ""
parameters:
- name: RequestID
in: path
required: true
schema:
type: string
/PasswordVault/API/LiveSessions:
get:
tags:
- Monitor Sessions
summary: Get Live Sessions
description: This method returns details of live sessions.
operationId: getLiveSessions
parameters:
- name: Limit
in: query
schema:
type: string
example: "25"
- name: Sort
in: query
schema:
type: string
example: RiskScore
- name: Offset
in: query
schema:
type: string
example: "0"
- name: Search
in: query
schema:
type: string
example: adm_domain
- name: Safe
in: query
schema:
type: string
example: "{{Safe}}"
- name: FromTime
in: query
schema:
type: string
example: "1514808001"
- name: ToTime
in: query
schema:
type: string
example: "1515326399"
- name: Activities
in: query
schema:
type: string
example: regedit
responses:
"200":
description: ""
"/PasswordVault/API/LiveSessions/{LiveSessionID}":
get:
tags:
- Monitor Sessions
summary: Get Live Session Details
description: This method returns details of live sessions.
operationId: getLiveSessionDetails
responses:
"200":
description: ""
parameters:
- name: LiveSessionID
in: path
required: true
schema:
type: string
"/PasswordVault/API/LiveSessions/{LiveSessionID}/Resume":
post:
tags:
- Monitor Sessions
- Session Actions
summary: Resume a Suspended Session
description: "The system will resume the suspended active session and allow the privileged user to continue working.\n\nFor more information on configuration, see [Active session monitoring settings](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Configuring-Live-Session-Monitoring.htm#ActiveSessionMonitoringSettings)."
operationId: resumeASuspendedSession
requestBody:
content:
application/json:
schema:
type: object
properties: {}
example: {}
responses:
"200":
description: ""
parameters:
- name: LiveSessionID
in: path
required: true
schema:
type: string
"/PasswordVault/API/LiveSessions/{LiveSessionID}/Suspend":
post:
tags:
- Monitor Sessions
- Session Actions
summary: Suspend an Active Session
description: "The system will prevent a user from interacting with an active session until a security manager resumes it. This allows security teams to review the potentially risky session's audit trail to determine whether to allow the privileged user to continue their work.\n\nFor more information on configuration, see [Active session monitoring settings](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Configuring-Live-Session-Monitoring.htm#ActiveSessionMonitoringSettings)."
operationId: suspendAnActiveSession
requestBody:
content:
application/json:
schema:
type: object
properties: {}
example: {}
responses:
"200":
description: ""
parameters:
- name: LiveSessionID
in: path
required: true
schema:
type: string
"/PasswordVault/API/LiveSessions/{LiveSessionID}/Terminate":
post:
tags:
- Monitor Sessions
- Session Actions
summary: Terminate an Active Session
description: "This method enables the system to terminate an active PSM session immediately to prevent high-risk activities. For more information on configuration, see [Active session monitoring settings](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Configuring-Live-Session-Monitoring.htm#ActiveSessionMonitoringSettings)."
operationId: terminateAnActiveSession
requestBody:
content:
application/json:
schema:
type: object
properties: {}
example: {}
responses:
"200":
description: ""
parameters:
- name: LiveSessionID
in: path
required: true
schema:
type: string
"/PasswordVault/API/LiveSessions/{LiveSessionID}/activities":
get:
tags:
- Monitor Sessions
summary: Get Live Session Activities
description: This method returns details of live sessions.
operationId: getLiveSessionActivities
responses:
"200":
description: ""
parameters:
- name: LiveSessionID
in: path
required: true
schema:
type: string
"/PasswordVault/API/LiveSessions/{LiveSessionID}/properties":
get:
tags:
- Monitor Sessions
summary: Get Live Session Properties
description: This method returns details of live sessions.
operationId: getLiveSessionProperties
responses:
"200":
description: ""
parameters:
- name: LiveSessionID
in: path
required: true
schema:
type: string
/PasswordVault/API/MyRequests:
get:
tags:
- Requests
- My Requests
summary: Get My Requests
description: "This method returns a list of the end user's requests."
operationId: getMyRequests
parameters:
- name: onlywaiting
in: query
schema:
type: string
example: "false"
- name: expired
in: query
schema:
type: string
example: "false"
responses:
"200":
description: ""
post:
tags:
- Requests
- My Requests
summary: Create a Request
description: This method creates an access request for a specific account. This account may be either a password account or an SSH Key account.
operationId: createARequest
requestBody:
content:
application/json:
schema:
type: object
properties:
AccountID:
type: string
example: "{{AccountID}}"
Reason:
type: string
example: Access requested via CyberArk Web Services
TicketingSystemName:
type: string
example: ServiceNow
example:
AccountID: "{{AccountID}}"
Reason: Access requested via CyberArk Web Services
TicketingSystemName: ServiceNow
responses:
"200":
description: ""
"/PasswordVault/API/MyRequests/{RequestID}":
get:
tags:
- Requests
- My Requests
summary: Get Details of My Requests
description: This method returns details of all the requests in My Requests list.
operationId: getDetailsOfMyRequests
responses:
"200":
description: ""
delete:
tags:
- Requests
- My Requests
summary: Delete My Request
description: This method deletes a request made by a user.
operationId: deleteMyRequest
requestBody:
content:
application/json:
schema:
type: object
properties: {}
example: {}
responses:
"200":
description: ""
parameters:
- name: RequestID
in: path
required: true
schema:
type: string
/PasswordVault/API/PSM/Connectors:
get:
tags:
- Session Management
summary: Get All Connection Components
description: This method allows Vault admins to get the list of all connection components of an entire environment.
operationId: getAllConnectionComponents
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache,no-store, no-cache, must-revalidate"
Content-Length:
schema:
type: string
example: "1468"
Date:
schema:
type: string
example: "Thu, 24 Sep 2020 00:54:41 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: "no-cache,no-cache"
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; SameSite=None; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
PSMConnectors:
type: array
items:
type: object
properties:
DisplayName:
type: string
example: ""
ID:
type: string
example: SSH
example:
- DisplayName: ""
ID: SSH
- DisplayName: ""
ID: RDP
- DisplayName: ""
ID: PuTTY
- DisplayName: ""
ID: RDPapplet-Sample
- DisplayName: ""
ID: RDPWinApplet
- DisplayName: ""
ID: WebConnection
- DisplayName: ""
ID: PSM-RDP
- DisplayName: ""
ID: PSM-SSH
- DisplayName: ""
ID: PSM-Telnet-Sample
- DisplayName: ""
ID: PSM-TOAD
- DisplayName: ""
ID: PSM-SQLPlus
- DisplayName: ""
ID: PSM-VSPHERE
- DisplayName: ""
ID: PSM-AS400
- DisplayName: ""
ID: PSM-OS390
- DisplayName: ""
ID: PSM-SQLServerMgmtStudio
- DisplayName: ""
ID: PSM-WebFormSample
- DisplayName: SQL Server Mgmt Studio
ID: PSM-SQLServerMgmtStudio-Win
- DisplayName: CyberArk Password Vault Web Application v9
ID: PSM-PVWA
- DisplayName: ""
ID: PSM-PrivateArkClient
- DisplayName: ""
ID: PSM-VNCClientSample
- DisplayName: ""
ID: PSM-VNCClientSample-AutoDeployed
- DisplayName: AWS Console with STS
ID: PSM-AWSConsoleWithSTS
- DisplayName: ""
ID: PSM-WinSCP
- DisplayName: CyberArk PTA
ID: PSM-PTA
- DisplayName: ""
ID: PSM-WebAppSample
- DisplayName: Microsoft Azure Portal
ID: PSM-MS-AzurePortal
- DisplayName: VMWare vSphere Web
ID: PSM-VSPHERE-Web
- DisplayName: CyberArk Password Vault Web Application v10
ID: PSM-PVWA-v10
- DisplayName: ""
ID: PSM-SAPGUI
- DisplayName: SQL Server Mgmt Studio Database
ID: PSM-SQLServerMgmtStudio-Database
Total:
type: number
example: 30
examples:
200 OK:
value:
PSMConnectors:
- DisplayName: ""
ID: SSH
- DisplayName: ""
ID: RDP
- DisplayName: ""
ID: PuTTY
- DisplayName: ""
ID: RDPapplet-Sample
- DisplayName: ""
ID: RDPWinApplet
- DisplayName: ""
ID: WebConnection
- DisplayName: ""
ID: PSM-RDP
- DisplayName: ""
ID: PSM-SSH
- DisplayName: ""
ID: PSM-Telnet-Sample
- DisplayName: ""
ID: PSM-TOAD
- DisplayName: ""
ID: PSM-SQLPlus
- DisplayName: ""
ID: PSM-VSPHERE
- DisplayName: ""
ID: PSM-AS400
- DisplayName: ""
ID: PSM-OS390
- DisplayName: ""
ID: PSM-SQLServerMgmtStudio
- DisplayName: ""
ID: PSM-WebFormSample
- DisplayName: SQL Server Mgmt Studio
ID: PSM-SQLServerMgmtStudio-Win
- DisplayName: CyberArk Password Vault Web Application v9
ID: PSM-PVWA
- DisplayName: ""
ID: PSM-PrivateArkClient
- DisplayName: ""
ID: PSM-VNCClientSample
- DisplayName: ""
ID: PSM-VNCClientSample-AutoDeployed
- DisplayName: AWS Console with STS
ID: PSM-AWSConsoleWithSTS
- DisplayName: ""
ID: PSM-WinSCP
- DisplayName: CyberArk PTA
ID: PSM-PTA
- DisplayName: ""
ID: PSM-WebAppSample
- DisplayName: Microsoft Azure Portal
ID: PSM-MS-AzurePortal
- DisplayName: VMWare vSphere Web
ID: PSM-VSPHERE-Web
- DisplayName: CyberArk Password Vault Web Application v10
ID: PSM-PVWA-v10
- DisplayName: ""
ID: PSM-SAPGUI
- DisplayName: SQL Server Mgmt Studio Database
ID: PSM-SQLServerMgmtStudio-Database
Total: 30
/PasswordVault/API/PSM/Servers:
get:
tags:
- Session Management
summary: Get All PSM Servers
description: This method allows Vault admins to get a list of all PSM servers defined for an environment.
operationId: getAllPsmServers
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache,no-store, no-cache, must-revalidate"
Content-Length:
schema:
type: string
example: "197"
Date:
schema:
type: string
example: "Thu, 24 Sep 2020 00:55:48 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: "no-cache,no-cache"
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; SameSite=None; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
PSMServers:
type: array
items:
type: object
properties:
Address:
type: string
example: 54.88.213.184
ID:
type: string
example: PSMServer_a91999c
Name:
type: string
example: PSM Server on PASAAS-PVWA
example:
- Address: 54.88.213.184
ID: PSMServer_a91999c
Name: PSM Server on PASAAS-PVWA
- Address: psm.joegarcia.dev
ID: PSMServer
Name: PSM Server on PASAAS-PSM
Total:
type: number
example: 2
examples:
200 OK:
value:
PSMServers:
- Address: 54.88.213.184
ID: PSMServer_a91999c
Name: PSM Server on PASAAS-PVWA
- Address: psm.joegarcia.dev
ID: PSMServer
Name: PSM Server on PASAAS-PSM
Total: 2
/PasswordVault/API/Platforms:
get:
tags:
- Platforms
summary: Get Platforms
description: "This method returns all existing account platforms from the Vault.\n\nYou can use filters to retrieve a subset of the platforms or search for a specific platform. For details, see URL parameters.\n\n**Note:** The [Get Platform Details](#585553e8-dea9-4617-9313-297aac8d7273) API, used to retrieve details for a specific platform, returns a different set of parameters."
operationId: getPlatforms
parameters:
- name: Active
in: query
schema:
type: string
example: "true"
description: "Filter according to whether the platform is active or not. Valid values: true or false"
- name: PlatformType
in: query
schema:
type: string
example: Regular
description: "Filter according to the platform type. Valid values: Group or Regular"
- name: PlatformName
in: query
schema:
type: string
example: string
description: Search according to the platform name.
responses:
"200":
description: ""
"/PasswordVault/API/Platforms/Targets/{PlatformName}/PrivilegedSessionManagement":
get:
tags:
- Session Management
summary: Get Session Management Policy of Platform
description: This method allows Vault admins to retrieve the PSM Policy Section of a target platform.
operationId: getSessionManagementPolicyOfPlatform
responses:
"200":
description: ""
"400":
description: 400 Bad Request
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache,no-store, no-cache, must-revalidate"
Content-Length:
schema:
type: string
example: "197"
Date:
schema:
type: string
example: "Thu, 24 Sep 2020 00:57:16 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: "no-cache,no-cache"
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; SameSite=None; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
Details:
type: array
items:
type: object
properties:
ErrorCode:
type: string
example: ""
ErrorMessage:
type: string
example: "The value 'WinDomain' is not valid for Int64."
ParameterName:
type: string
example: platformID
example:
- ErrorCode: ""
ErrorMessage: "The value 'WinDomain' is not valid for Int64."
ParameterName: platformID
ErrorCode:
type: string
example: PASWS167E
ErrorMessage:
type: string
example: There are some invalid parameters
examples:
400 Bad Request:
value:
Details:
- ErrorCode: ""
ErrorMessage: "The value 'WinDomain' is not valid for Int64."
ParameterName: platformID
ErrorCode: PASWS167E
ErrorMessage: There are some invalid parameters
parameters:
- name: PlatformName
in: path
required: true
schema:
type: string
"/PasswordVault/API/Platforms/{PlatformName}":
get:
tags:
- Platforms
summary: Get Platform Details
description: This method retrieves details of a specified platform from the Vault.
operationId: getPlatformDetails
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "1419"
Date:
schema:
type: string
example: "Sun, 11 Nov 2018 21:08:20 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
Active:
type: boolean
example: true
Details:
type: object
properties:
AllowManualChange:
type: string
example: "Yes"
AllowedSafes:
type: string
example: ".*"
ChangeNotificationPeriod:
type: string
example: "-1"
DaysNotifyPriorExpiration:
type: string
example: "7"
DllName:
type: string
example: PMWindows.dll
ExpirationPeriod:
type: string
example: "90"
FromHour:
type: string
example: "-1"
HeadStartInterval:
type: string
example: "5"
ImmediateInterval:
type: string
example: "5"
Interval:
type: string
example: "1440"
MaxConcurrentConnections:
type: string
example: "3"
MaximumRetries:
type: string
example: "5"
MinDelayBetweenRetries:
type: string
example: "90"
MinDigit:
type: string
example: "1"
MinLowerCase:
type: string
example: "2"
MinSpecial:
type: string
example: "1"
MinUpperCase:
type: string
example: "2"
MinValidityPeriod:
type: string
example: "60"
NFNotifyOnPasswordDisable:
type: string
example: "Yes"
NFNotifyOnPasswordUsed:
type: string
example: "No"
NFNotifyOnVerificationErrors:
type: string
example: "Yes"
NFNotifyPriorExpiration:
type: string
example: "No"
NFOnPasswordDisableRecipients:
type: string
example: ""
NFOnPasswordUsedRecipients:
type: string
example: ""
NFOnVerificationErrorsRecipients:
type: string
example: ""
NFPriorExpirationRecipients:
type: string
example: ""
OneTimePassword:
type: string
example: "False"
PasswordLength:
type: string
example: "8"
PasswordLevelRequestTimeframe:
type: string
example: "False"
PerformPeriodicChange:
type: string
example: "No"
PolicyID:
type: string
example: WinDomain
PolicyName:
type: string
example: Windows Domain Account
PolicyType:
type: string
example: regular
RCAllowManualReconciliation:
type: string
example: "Yes"
RCAutomaticReconcileWhenUnsynched:
type: string
example: "No"
RCFromHour:
type: string
example: "-1"
RCReconcileReasons:
type: string
example: "2114,2115,2106,2101"
RCToHour:
type: string
example: "-1"
ResetOveridesMinValidity:
type: string
example: "yes"
ResetOveridesTimeFrame:
type: string
example: "yes"
SearchForUsages:
type: string
example: "Yes"
Timeout:
type: string
example: "30"
ToHour:
type: string
example: "-1"
UnlockIfFail:
type: string
example: "no"
UnrecoverableErrors:
type: string
example: "2103,2105,2121"
VFAllowManualVerification:
type: string
example: "Yes"
VFFromHour:
type: string
example: "-1"
VFPerformPeriodicVerification:
type: string
example: "No"
VFToHour:
type: string
example: "-1"
VFVerificationPeriod:
type: string
example: "7"
XMLFile:
type: string
example: "yes"
PlatformID:
type: string
example: WinDomain
examples:
200 OK:
value:
Active: true
Details:
AllowManualChange: "Yes"
AllowedSafes: ".*"
ChangeNotificationPeriod: "-1"
DaysNotifyPriorExpiration: "7"
DllName: PMWindows.dll
ExpirationPeriod: "90"
FromHour: "-1"
HeadStartInterval: "5"
ImmediateInterval: "5"
Interval: "1440"
MaxConcurrentConnections: "3"
MaximumRetries: "5"
MinDelayBetweenRetries: "90"
MinDigit: "1"
MinLowerCase: "2"
MinSpecial: "1"
MinUpperCase: "2"
MinValidityPeriod: "60"
NFNotifyOnPasswordDisable: "Yes"
NFNotifyOnPasswordUsed: "No"
NFNotifyOnVerificationErrors: "Yes"
NFNotifyPriorExpiration: "No"
NFOnPasswordDisableRecipients: ""
NFOnPasswordUsedRecipients: ""
NFOnVerificationErrorsRecipients: ""
NFPriorExpirationRecipients: ""
OneTimePassword: "False"
PasswordLength: "8"
PasswordLevelRequestTimeframe: "False"
PerformPeriodicChange: "No"
PolicyID: WinDomain
PolicyName: Windows Domain Account
PolicyType: regular
RCAllowManualReconciliation: "Yes"
RCAutomaticReconcileWhenUnsynched: "No"
RCFromHour: "-1"
RCReconcileReasons: "2114,2115,2106,2101"
RCToHour: "-1"
ResetOveridesMinValidity: "yes"
ResetOveridesTimeFrame: "yes"
SearchForUsages: "Yes"
Timeout: "30"
ToHour: "-1"
UnlockIfFail: "no"
UnrecoverableErrors: "2103,2105,2121"
VFAllowManualVerification: "Yes"
VFFromHour: "-1"
VFPerformPeriodicVerification: "No"
VFToHour: "-1"
VFVerificationPeriod: "7"
XMLFile: "yes"
PlatformID: WinDomain
parameters:
- name: PlatformName
in: path
required: true
schema:
type: string
"/PasswordVault/API/Platforms/{PlatformName}/Export":
post:
tags:
- Platforms
summary: Export Platform
description: "If testing this in the Postman application, click the \"Download\" button after receiving the zip file stream to download the ZIP file locally."
operationId: exportPlatform
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache,no-store, no-cache, must-revalidate"
Content-Disposition:
schema:
type: string
example: attachment; filename=WinDomain.zip
Content-Length:
schema:
type: string
example: "2498"
Date:
schema:
type: string
example: "Sun, 11 Nov 2018 21:10:06 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: "no-cache,no-cache"
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
text/plain:
schema:
type: string
examples:
200 OK:
value: "trimmed"
parameters:
- name: PlatformName
in: path
required: true
schema:
type: string
/PasswordVault/API/Recordings:
get:
tags:
- Monitor Sessions
- Recordings
summary: Get Recordings
description: "This method returns the details of recordings of PSM, PSMP or OPM sessions."
operationId: getRecordings
parameters:
- name: Limit
in: query
schema:
type: string
example: "25"
- name: Sort
in: query
schema:
type: string
example: RiskScore
- name: Offset
in: query
schema:
type: string
example: "0"
- name: Search
in: query
schema:
type: string
example: adm_domain
- name: Safe
in: query
schema:
type: string
example: "{{Safe}}"
- name: FromTime
in: query
schema:
type: string
example: "1514808001"
- name: ToTime
in: query
schema:
type: string
example: "1515326399"
- name: Activities
in: query
schema:
type: string
example: regedit
responses:
"200":
description: ""
"/PasswordVault/API/Recordings/{RecordingsID}":
get:
tags:
- Monitor Sessions
- Recordings
summary: Get Recording Details
description: "This method returns the details of recordings of PSM, PSMP or OPM sessions."
operationId: getRecordingDetails
responses:
"200":
description: ""
parameters:
- name: RecordingsID
in: path
required: true
schema:
type: string
"/PasswordVault/API/Recordings/{RecordingsID}/activities":
get:
tags:
- Monitor Sessions
- Recordings
summary: Get Recording Activities
description: "This method returns the details of recordings of PSM, PSMP or OPM sessions."
operationId: getRecordingActivities
responses:
"200":
description: ""
parameters:
- name: RecordingsID
in: path
required: true
schema:
type: string
"/PasswordVault/API/Recordings/{RecordingsID}/properties":
get:
tags:
- Monitor Sessions
- Recordings
summary: Get Recording Properties
description: "This method returns the details of recordings of PSM, PSMP or OPM sessions."
operationId: getRecordingProperties
responses:
"200":
description: ""
parameters:
- name: RecordingsID
in: path
required: true
schema:
type: string
"/PasswordVault/API/Safes/{Safe}/AccountGroups":
get:
tags:
- Safes
summary: Get Safe Account Groups
description: "This method returns all the existing account groups in a specific Safe. The user performing this task must have the following permissions in the Safe:\n\n* Add accounts\n* Update account content\n* Update account properties\n* Create folders"
operationId: getSafeAccountGroups
responses:
"200":
description: 200 OK (No Account Groups)
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "2"
Date:
schema:
type: string
example: "Sun, 11 Nov 2018 21:20:34 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: array
items: {}
example: []
examples:
200 OK (No Account Groups):
value: []
parameters:
- name: Safe
in: path
required: true
schema:
type: string
/PasswordVault/API/auth/SAML/Logon:
post:
tags:
- Authentication
- v2 API123
- SAML Authentication
summary: Logon
description: "This method authenticates a user to the Vault using SAML authentication and returns a token that can be used in subsequent web services calls.\n\n[Example PowerShell Code is available here](https://gist.github.com/infamousjoeg/b44faa299ec3de65bdd1d3b8474b0649)"
operationId: logon
parameters:
- name: concurrentSession
in: query
schema:
type: string
example: "false"
description: Boolean value
- name: apiUse
in: query
schema:
type: string
example: "true"
description: Should never be false
- name: SAMLResponse
in: query
schema:
type: string
example: "{{SAMLToken}}"
requestBody:
content:
text/plain:
schema:
type: string
example: ""
responses:
"200":
description: ""
/PasswordVault/API/auth/Windows/Logon:
post:
tags:
- Authentication
- v2 API123
summary: Logon - Windows Authentication
description: "This method authenticates a user to the Vault and returns a token that can be used in subsequent web services calls. In addition, this method enables you to set a new password."
operationId: logonWindowsAuthentication
requestBody:
content:
application/json:
schema:
type: object
properties:
concurrentSessions:
type: string
example: "false"
password:
type: string
example: "{{apiPassword}}"
username:
type: string
example: "{{apiUsername}}"
example:
concurrentSessions: "false"
password: "{{apiPassword}}"
username: "{{apiUsername}}"
responses:
"200":
description: ""
/PasswordVault/API/pta/API/Events/:
get:
tags:
- Privileged Threat Analytics (PTA)
- Security Events
summary: Get Security Events
description: This method returns all PTA Security Events.
operationId: getSecurityEvents
responses:
"200":
description: ""
"/PasswordVault/API/pta/API/Events/{ptaSecurityEventID}":
patch:
tags:
- Privileged Threat Analytics (PTA)
- Security Events
summary: Update Security Event
description: This method updates the status of a security event to open or closed.
operationId: updateSecurityEvent
requestBody:
content:
application/json:
schema:
type: object
properties:
mStatus:
type: string
example: "<OPEN/CLOSED>"
example:
mStatus: "<OPEN/CLOSED>"
responses:
"200":
description: ""
parameters:
- name: ptaSecurityEventID
in: path
required: true
schema:
type: string
/PasswordVault/API/pta/API/Settings:
get:
tags:
- Privileged Threat Analytics (PTA)
- Security Events
summary: Get Security Settings
description: This method returns risky activities rules and automatic remediation settings of the PTA Server configuration.
operationId: getSecuritySettings
responses:
"200":
description: ""
/PasswordVault/API/pta/API/Settings/AutomaticRemediations/:
patch:
tags:
- Privileged Threat Analytics (PTA)
- Security Events
summary: Update Security Remediation Settings
description: This method updates the automatic remediation properties in the PTA server configuration.
operationId: updateSecurityRemediationSettings
responses:
"200":
description: ""
/PasswordVault/API/pta/API/Settings/RiskyActivity/:
put:
tags:
- Privileged Threat Analytics (PTA)
- Security Events
summary: Update Risky Commands Rule
description: This method updates an existing Risky Activity rule in the PTA server configuration.
operationId: updateRiskyCommandsRule
requestBody:
content:
text/plain:
schema:
type: string
example: "{\n\t\"id\": \"0\", \n\t\"category\": \"KEYSTROKES\",\n\t\"regex\": \"(.*)netsh(.*)wlan(.*)key=clear(.*)\", \n\t\"score\": 40, \n\t\"description\": \"Indication of a privileged user using a decoding command in clear text to retrieve a WIFI password.\", \n\t\"response\": \"NONE\", \n\t\"active\": true,\n\t\"scope\": { \n\t\t\"vaultUsers\": {\n\t\t\t\"mode\":\"EXCLUDE\",\n\t\t\t\"list\":[\"anna\"]\n\t\t}, \n\t\t\"machines\": {\n\t\t\t\"mode\":\"include\",\n\t\t\t\"list\":[\"*\"]\n\t\t} \n\t}\n}"
responses:
"200":
description: ""
post:
tags:
- Privileged Threat Analytics (PTA)
- Security Events
summary: Add Risky Commands Rule
description: This method adds a new Risky Activity rule in the PTA server configuration.
operationId: addRiskyCommandsRule
requestBody:
content:
application/json:
schema:
type: object
properties:
active:
type: boolean
example: true
category:
type: string
example: KEYSTROKES
description:
type: string
example: Indication of a privileged user using a decoding command in clear text to retrieve a WIFI password.
regex:
type: string
example: (.*)netsh(.*)wlan(.*)key=clear(.*)
response:
type: string
example: NONE
scope:
type: object
properties:
machines:
type: object
properties:
list:
type: array
items:
type: string
example: "*"
example:
- "*"
mode:
type: string
example: INCLUDE
vaultUsers:
type: object
properties:
list:
type: array
items:
type: string
example: john*
example:
- john*
mode:
type: string
example: EXCLUDE
score:
type: number
example: 40
example:
active: true
category: KEYSTROKES
description: Indication of a privileged user using a decoding command in clear text to retrieve a WIFI password.
regex: (.*)netsh(.*)wlan(.*)key=clear(.*)
response: NONE
scope:
machines:
list:
- "*"
mode: INCLUDE
vaultUsers:
list:
- john*
mode: EXCLUDE
score: 40
responses:
"200":
description: ""
/PasswordVault/WebServices/PIMServices.svc/Account:
post:
tags:
- Accounts
- v1 API
summary: "Add Account [v9.0+]"
description: This method adds a new privileged account to the Vault.
operationId: addAccountV90
requestBody:
content:
application/json:
schema:
type: object
properties:
account:
type: object
properties:
accountName:
type: string
example: AccountName
address:
type: string
example: "{{Address}}"
disableAutoMgmt:
type: string
example: "false"
disableAutoMgmtReason:
type: string
example: N/A
groupName:
type: string
example: ""
groupPlatformID:
type: string
example: ""
password:
type: string
example: Password123
platformID:
type: string
example: WinDomain
properties:
type: array
items:
type: object
properties:
Key:
type: string
example: Port
Value:
type: string
example: "<port>"
example:
- Key: Port
Value: "<port>"
- Key: ParamName
Value: Parameter value
safe:
type: string
example: "{{Safe}}"
username:
type: string
example: "{{UserName}}"
example:
account:
accountName: AccountName
address: "{{Address}}"
disableAutoMgmt: "false"
disableAutoMgmtReason: N/A
groupName: ""
groupPlatformID: ""
password: Password123
platformID: WinDomain
properties:
- Key: Port
Value: "<port>"
- Key: ParamName
Value: Parameter value
safe: "{{Safe}}"
username: "{{UserName}}"
responses:
"200":
description: ""
# "/PasswordVault/WebServices/PIMServices.svc/Account/{ACLAddress|ACLUserName|ACLPolicyID}/PrivilegedCommands":
# get:
# tags:
# - OPM Commands
# - Account
# summary: List Account/ACL
# description: This method gets a list of the privileged commands (OPM rules) associated with this account.
# operationId: listAccountAcl
# responses:
# "200":
# description: ""
# "500":
# description: 500 Internal Server Error (ACLAddress Required)
# headers:
# CA-ErrorMessage:
# schema:
# type: string
# example: Input parameter AccountAddress is obligatory. Please fix it and try again.
# CA-ErrorMessageBase64Encoded:
# schema:
# type: string
# example: SW5wdXQgcGFyYW1ldGVyIEFjY291bnRBZGRyZXNzIGlzIG9ibGlnYXRvcnkuIFBsZWFzZSBmaXggaXQgYW5kIHRyeSBhZ2Fpbi4=
# Cache-Control:
# schema:
# type: string
# example: "no-cache, no-store, must-revalidate"
# Content-Length:
# schema:
# type: string
# example: "118"
# Date:
# schema:
# type: string
# example: "Mon, 05 Jun 2017 21:08:01 GMT"
# Expires:
# schema:
# type: string
# example: "-1"
# Pragma:
# schema:
# type: string
# example: no-cache
# Server:
# schema:
# type: string
# example: Microsoft-IIS/8.5
# Set-Cookie:
# schema:
# type: string
# example: mobileState=Desktop; path=/PasswordVault/; HttpOnly
# X-Frame-Options:
# schema:
# type: string
# example: SAMEORIGIN
# X-UA-Compatible:
# schema:
# type: string
# example: IE=EmulateIE8
# content:
# application/json:
# schema:
# type: object
# properties:
# ErrorCode:
# type: string
# example: CAWS00001E
# ErrorMessage:
# type: string
# example: Input parameter AccountAddress is obligatory. Please fix it and try again.
# examples:
# 500 Internal Server Error (ACLAddress Required):
# value:
# ErrorCode: CAWS00001E
# ErrorMessage: Input parameter AccountAddress is obligatory. Please fix it and try again.
# put:
# tags:
# - OPM Commands
# - Account
# summary: Add Account/ACL
# description: This method adds a new privileged command rule to the account.
# operationId: addAccountAcl
# requestBody:
# content:
# application/json:
# schema:
# type: object
# properties:
# Command:
# type: string
# example: /bin/sh
# CommandGroup:
# type: boolean
# example: false
# PermissionType:
# type: string
# example: Deny
# Restrictions:
# type: string
# example: ""
# UserName:
# type: string
# example: "*"
# example:
# Command: /bin/sh
# CommandGroup: false
# PermissionType: Deny
# Restrictions: ""
# UserName: "*"
# responses:
# "200":
# description: ""
# parameters:
# - name: ACLAddress
# in: path
# required: true
# schema:
# type: string
# - name: ACLUserName
# in: path
# required: true
# schema:
# type: string
# - name: ACLPolicyID
# in: path
# required: true
# schema:
# type: string
# "/PasswordVault/WebServices/PIMServices.svc/Account/{ACLAddress}|{ACLUserName}|{ACLPolicyID}/PrivilegedCommands/":
# delete:
# tags:
# - OPM Commands
# - Account
# summary: Delete Account/ACL
# description: This method deletes privileged commands rules associated with the account.
# operationId: deleteAccountAcl
# parameters:
# - name: id
# in: query
# schema:
# type: string
# example: "1"
# requestBody:
# content:
# application/octet-stream: {}
# responses:
# "200":
# description: ""
# parameters:
# - name: ACLAddress
# in: path
# required: true
# schema:
# type: string
# - name: ACLUserName
# in: path
# required: true
# schema:
# type: string
# - name: ACLPolicyID
# in: path
# required: true
# schema:
# type: string
/PasswordVault/WebServices/PIMServices.svc/Accounts:
get:
tags:
- Accounts
- v1 API
summary: "Get Account Details [v9.3+]"
description: "This method returns information about an account. If more than one account meets the search criteria, only the first account will be returned, although the Count output parameter will display the number of accounts that were found.\r\nOnly the following users can access this account:\r\n- Users who are members of the Safe where the account is stored.\r\n- Users who have access to this specific account. For more information about object level access control, refer to Object Level Access Control in the Privileged Account Security Implementation Guide.\r\n- The user who runs this web service requires the following permission in the Safe:\r\n - List accounts\r\nNotes:\r\n- This method does not display the actual password.\r\n- If ten or more accounts are found, the Count Output parameter will show 10."
operationId: getAccountDetailsV93
parameters:
- name: Keywords
in: query
schema:
type: string
example: "{{Keywords}}"
- name: Safe
in: query
schema:
type: string
example: "{{Safe}}"
responses:
"200":
description: 200 OK
headers:
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "697"
Date:
schema:
type: string
example: "Mon, 05 Jun 2017 17:48:52 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/8.5
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; HttpOnly
X-Frame-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
content:
application/json:
schema:
type: object
properties:
Count:
type: number
example: 1
accounts:
type: array
items:
type: object
properties:
AccountID:
type: string
example: "41_4"
InternalProperties:
type: array
items:
type: object
properties:
Key:
type: string
example: CPMStatus
Value:
type: string
example: success
example:
- Key: CPMStatus
Value: success
- Key: CreationMethod
Value: PVWA
- Key: RetriesCount
Value: "-1"
- Key: LastTask
Value: VerifyTask
Properties:
type: array
items:
type: object
properties:
Key:
type: string
example: Safe
Value:
type: string
example: T-APP-CYBR-RESTAPI
example:
- Key: Safe
Value: T-APP-CYBR-RESTAPI
- Key: Folder
Value: Root
- Key: Name
Value: Operating System-WindowsDomainAccount-cyberark.local-test.user0001
- Key: UserName
Value: test.user0001
- Key: PolicyID
Value: WindowsDomainAccount
- Key: LogonDomain
Value: CYBERARK
- Key: LastSuccessVerification
Value: "1496683713"
- Key: Address
Value: cyberark.local
- Key: DeviceType
Value: Operating System
example:
- AccountID: "41_4"
InternalProperties:
- Key: CPMStatus
Value: success
- Key: CreationMethod
Value: PVWA
- Key: RetriesCount
Value: "-1"
- Key: LastTask
Value: VerifyTask
Properties:
- Key: Safe
Value: T-APP-CYBR-RESTAPI
- Key: Folder
Value: Root
- Key: Name
Value: Operating System-WindowsDomainAccount-cyberark.local-test.user0001
- Key: UserName
Value: test.user0001
- Key: PolicyID
Value: WindowsDomainAccount
- Key: LogonDomain
Value: CYBERARK
- Key: LastSuccessVerification
Value: "1496683713"
- Key: Address
Value: cyberark.local
- Key: DeviceType
Value: Operating System
examples:
200 OK:
value:
Count: 1
accounts:
- AccountID: "41_4"
InternalProperties:
- Key: CPMStatus
Value: success
- Key: CreationMethod
Value: PVWA
- Key: RetriesCount
Value: "-1"
- Key: LastTask
Value: VerifyTask
Properties:
- Key: Safe
Value: T-APP-CYBR-RESTAPI
- Key: Folder
Value: Root
- Key: Name
Value: Operating System-WindowsDomainAccount-cyberark.local-test.user0001
- Key: UserName
Value: test.user0001
- Key: PolicyID
Value: WindowsDomainAccount
- Key: LogonDomain
Value: CYBERARK
- Key: LastSuccessVerification
Value: "1496683713"
- Key: Address
Value: cyberark.local
- Key: DeviceType
Value: Operating System
"/PasswordVault/WebServices/PIMServices.svc/Accounts/{AccountID}":
put:
tags:
- Accounts
- v1 API
summary: "Update Account Details [v9.5+]"
description: "This method updates an existing account's details. In order to execute this web service, all the account’s details must be entered in the web service request. If the existing account's properties are not sent as part of the request, the properties will be removed from the account. Any values sent in the request that were changed will be updated. All other property values will remain the same.\r\nWhen you change the name or folder of a service account that has multiple dependencies (usages), the connection between it and its dependencies will be automatically maintained.\r\nIn addition, when you change the name or a folder of an account that is linked to another account, whether logon, reconciliation or verification, the links will be automatically updated.\r\nNotes:\r\nThis web service has the following limitations:\r\n- Dependencies (usages) cannot be updated.\r\n- Accounts that do not have a policy ID cannot be updated.\r\nPermissions\r\n- To update account properties, Safe members require the following permission:\r\n - Update password properties\r\n- To rename accounts, Safe members require the following permission:\r\n - Rename accounts\r\n- To move accounts to a different folder, Safe members require the following permission:\r\n - Move accounts/folders"
operationId: updateAccountDetailsV95
requestBody:
content:
application/json:
schema:
type: object
properties:
Accounts:
type: object
properties:
AccountName:
type: string
example: "{{ObjectName}}"
Address:
type: string
example: "{{Address}}"
DeviceType:
type: string
example: Operating System
Folder:
type: string
example: "{{Folder}}"
GroupName:
type: string
example: ""
GroupPlatformID:
type: string
example: ""
PlatformID:
type: string
example: WinDomain
Properties:
type: array
items:
type: object
properties:
Key:
type: string
example: Notes
Value:
type: string
example: Test User for CyberArk
example:
- Key: Notes
Value: Test User for CyberArk
- Key: Ticket Number
Value: CHG100001
- Key: ParamName
Value: Parameter value
UserName:
type: string
example: "{{UserName}}"
example:
Accounts:
AccountName: "{{ObjectName}}"
Address: "{{Address}}"
DeviceType: Operating System
Folder: "{{Folder}}"
GroupName: ""
GroupPlatformID: ""
PlatformID: WinDomain
Properties:
- Key: Notes
Value: Test User for CyberArk
- Key: Ticket Number
Value: CHG100001
- Key: ParamName
Value: Parameter value
UserName: "{{UserName}}"
responses:
"200":
description: ""
delete:
tags:
- Accounts
- v1 API
summary: "Delete Account [v9.3+]"
description: "This method deletes a specific account in the Vault.\r\nThe user who runs this web service requires the following permission in the Vault:\r\n- Delete accounts"
operationId: deleteAccountV93
requestBody:
content:
application/octet-stream:
schema:
type: string
responses:
"200":
description: ""
parameters:
- name: AccountID
in: path
required: true
schema:
type: string
"/PasswordVault/WebServices/PIMServices.svc/Accounts/{AccountID}/Activities":
get:
tags:
- Accounts
- v1 API
summary: "List Activity by ID [v9.7+]"
description: This method returns the activities of a specific account that is identified by its account ID.
operationId: listActivityByIdV97
parameters:
- name: SafeName
in: query
schema:
type: string
example: "{{Safe}}"
responses:
"200":
description: ""
parameters:
- name: AccountID
in: path
required: true
schema:
type: string
"/PasswordVault/WebServices/PIMServices.svc/Accounts/{AccountID}/ChangeCredentials":
put:
tags:
- Accounts
- Account Actions
- v1 API1
summary: "Change Credentials [v9.3+]"
description: "This method marks the account for an immediate password change by the CPM to a new random password.\r\nThe user who runs this web service requires the following permission in the Safe where the privileged account is stored:\r\n- Initiate CPM password management operations\r\n\r\nNOTE: 'ImmediateChangeByCPM' is in the Web Services SDK as part of the body, but it should be included in the header as it is here."
operationId: changeCredentialsV93
requestBody:
content:
application/json:
schema:
type: object
properties:
ChangeCredsForGroup:
type: string
example: "No"
example:
ChangeCredsForGroup: "No"
responses:
"200":
description: ""
parameters:
- name: AccountID
in: path
required: true
schema:
type: string
"/PasswordVault/WebServices/PIMServices.svc/Accounts/{AccountID}/Credentials":
get:
tags:
- Accounts
- Account Actions
- v1 API1
summary: Get Password Value
description: "This method enables users to retrieve the password of an existing account identified by its Account ID.\n\n* This web service will not return SSH Keys. If the request was sent for an SSH key, the following error will be returned: \"Failed to get the credentials of <AccountID>. Reason: The account is of type SSH Key.\"\n* This web service will not be able to retrieve the password if a reason is required (according to its effective Master Policy), and an error will be returned.\n\n**Note:** The ability to retrieve credentials using this REST API is intended for human use only and is not recommended for applications or automated processes where application-based authentication is required.\n\nFor application or automated processes use cases, refer to the [AAM Credential Providers Online Help](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-CP/Latest/en/Default.htm)."
operationId: getPasswordValue1
responses:
"200":
description: ""
parameters:
- name: AccountID
in: path
required: true
schema:
type: string
"/PasswordVault/WebServices/PIMServices.svc/Accounts/{AccountID}/VerifyCredentials":
post:
tags:
- Accounts
- Account Actions
- v1 API1
summary: "Verify Credentials [v9.7-v9.9.5]"
description: "This method marks an account for verification by the CPM.\r\nThe user who runs this web service requires the following permission in the Safe where the privileged account is stored:\r\n\r\n* Initiate CPM password management operations\r\n\r\n__This endpoint has been deprecated past v9.9.5__"
operationId: verifyCredentialsV97V995
requestBody:
content:
application/json:
schema:
type: object
properties: {}
example: {}
responses:
"200":
description: ""
parameters:
- name: AccountID
in: path
required: true
schema:
type: string
/PasswordVault/WebServices/PIMServices.svc/Applications/:
get:
tags:
- Applications
summary: List a Specific Application
description: "This method returns information about a specific application.\r\nThe user who runs this web service requires the following permission in the Vault:\r\n- Audit Users"
operationId: listASpecificApplication
parameters:
- name: AppID
in: query
schema:
type: string
example: "{{AppID}}"
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "423"
Date:
schema:
type: string
example: "Sun, 11 Nov 2018 21:25:46 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
application:
type: array
items:
type: object
properties:
AccessPermittedFrom:
type: number
example: 0
AccessPermittedTo:
type: number
example: 24
AllowExtendedAuthenticationRestrictions:
type: boolean
example: false
AppID:
type: string
example: Ansible
BusinessOwnerEmail:
type: string
example: joe.garcia@cyberark.com
BusinessOwnerFName:
type: string
example: Joe
BusinessOwnerLName:
type: string
example: Garcia
BusinessOwnerPhone:
type: string
example: 222-UWISHUKNEW
Description:
type: string
example: Identity assigned to all Ansible retrieved credentials for audit.
Disabled:
type: boolean
example: false
ExpirationDate:
nullable: true
example: ~
Location:
type: string
example: "\\Applications"
example:
- AccessPermittedFrom: 0
AccessPermittedTo: 24
AllowExtendedAuthenticationRestrictions: false
AppID: Ansible
BusinessOwnerEmail: joe.garcia@cyberark.com
BusinessOwnerFName: Joe
BusinessOwnerLName: Garcia
BusinessOwnerPhone: 222-UWISHUKNEW
Description: Identity assigned to all Ansible retrieved credentials for audit.
Disabled: false
ExpirationDate: ~
Location: "\\Applications"
examples:
200 OK:
value:
application:
- AccessPermittedFrom: 0
AccessPermittedTo: 24
AllowExtendedAuthenticationRestrictions: false
AppID: Ansible
BusinessOwnerEmail: joe.garcia@cyberark.com
BusinessOwnerFName: Joe
BusinessOwnerLName: Garcia
BusinessOwnerPhone: 222-UWISHUKNEW
Description: Identity assigned to all Ansible retrieved credentials for audit.
Disabled: false
ExpirationDate: ~
Location: "\\Applications"
post:
tags:
- Applications
summary: Add Application
description: "This method adds a new application to the Vault.\r\nThe user who adds this application requires the following permission in the Vault:\r\n- Manage Users"
operationId: addApplication
requestBody:
content:
application/json:
schema:
type: object
properties:
application:
type: object
properties:
AccessPermittedFrom:
type: number
example: 0
AccessPermittedTo:
type: number
example: 23
AppID:
type: string
example: "{{AppID}}"
BusinessOwnerEmail:
type: string
example: John.Doe@CyberArk.com
BusinessOwnerFName:
type: string
example: John
BusinessOwnerLName:
type: string
example: Doe
BusinessOwnerPhone:
type: string
example: 555-555-1212
Description:
type: string
example: Testing DevOps Deployments with CyberArk
Disabled:
type: string
example: "No"
ExpirationDate:
type: string
example: ""
Location:
type: string
example: /Applications
example:
application:
AccessPermittedFrom: 0
AccessPermittedTo: 23
AppID: "{{AppID}}"
BusinessOwnerEmail: John.Doe@CyberArk.com
BusinessOwnerFName: John
BusinessOwnerLName: Doe
BusinessOwnerPhone: 555-555-1212
Description: Testing DevOps Deployments with CyberArk
Disabled: "No"
ExpirationDate: ""
Location: /Applications
responses:
"200":
description: ""
"400":
description: 400 Bad Request
headers:
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "1647"
Date:
schema:
type: string
example: "Mon, 05 Jun 2017 18:46:42 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/8.5
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; HttpOnly
X-Frame-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
content:
text/plain:
schema:
type: string
examples:
400 Bad Request:
value: "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n <head>\r\n <title>Request Error</title>\r\n <style>BODY { color: #000000; background-color: white; font-family: Verdana; margin-left: 0px; margin-top: 0px; } #content { margin-left: 30px; font-size: .70em; padding-bottom: 2em; } A:link { color: #336699; font-weight: bold; text-decoration: underline; } A:visited { color: #6699cc; font-weight: bold; text-decoration: underline; } A:active { color: #336699; font-weight: bold; text-decoration: underline; } .heading1 { background-color: #003366; border-bottom: #336699 6px solid; color: #ffffff; font-family: Tahoma; font-size: 26px; font-weight: normal;margin: 0em 0em 10px -20px; padding-bottom: 8px; padding-left: 30px;padding-top: 16px;} pre { font-size:small; background-color: #e5e5cc; padding: 5px; font-family: Courier New; margin-top: 0px; border: 1px #f0f0e0 solid; white-space: pre-wrap; white-space: -pre-wrap; word-wrap: break-word; } table { border-collapse: collapse; border-spacing: 0px; font-family: Verdana;} table th { border-right: 2px white solid; border-bottom: 2px white solid; font-weight: bold; background-color: #cecf9c;} table td { border-right: 2px white solid; border-bottom: 2px white solid; background-color: #e5e5cc;}</style>\r\n </head>\r\n <body>\r\n <div id=\"content\">\r\n <p class=\"heading1\">Request Error</p>\r\n <p>The server encountered an error processing the request. See server logs for more details.</p>\r\n </div>\r\n </body>\r\n</html>"
delete:
tags:
- Applications
summary: Delete a Specific Application
description: "This method deletes a specific application.\r\nThe user requires the following permission in the Vault:\r\n- Manage Users"
operationId: deleteASpecificApplication
parameters:
- name: AppID
in: query
schema:
type: string
example: "{{AppID}}"
requestBody:
content:
application/octet-stream:
schema:
type: string
responses:
"200":
description: ""
"/PasswordVault/WebServices/PIMServices.svc/Applications/{AppID}/Authentications":
get:
tags:
- Applications
summary: List all Authentication Methods of a Specific Application
description: "This method returns information about all the authentication methods of a specific application.\r\nThe user who runs this web service requires the following permission in the Vault:\r\n- Audit Users"
operationId: listAllAuthenticationMethodsOfASpecificApplication
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "472"
Date:
schema:
type: string
example: "Sun, 11 Nov 2018 21:26:06 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
authentication:
type: array
items:
type: object
properties:
AllowInternalScripts:
nullable: true
example: ~
AppID:
type: string
example: Ansible
AuthType:
type: string
example: machineAddress
AuthValue:
type: string
example: ansible.192.168.3.103.xip.io
Comment:
nullable: true
example: ~
IsFolder:
nullable: true
example: ~
authID:
type: number
example: 1
example:
- AllowInternalScripts: ~
AppID: Ansible
AuthType: machineAddress
AuthValue: ansible.192.168.3.103.xip.io
Comment: ~
IsFolder: ~
authID: 1
- AllowInternalScripts: ~
AppID: Ansible
AuthType: machineAddress
AuthValue: 192.168.3.103
Comment: ~
IsFolder: ~
authID: 2
- AllowInternalScripts: ~
AppID: Ansible
AuthType: machineAddress
AuthValue: ansibletower
Comment: ~
IsFolder: ~
authID: 3
examples:
200 OK:
value:
authentication:
- AllowInternalScripts: ~
AppID: Ansible
AuthType: machineAddress
AuthValue: ansible.192.168.3.103.xip.io
Comment: ~
IsFolder: ~
authID: 1
- AllowInternalScripts: ~
AppID: Ansible
AuthType: machineAddress
AuthValue: 192.168.3.103
Comment: ~
IsFolder: ~
authID: 2
- AllowInternalScripts: ~
AppID: Ansible
AuthType: machineAddress
AuthValue: ansibletower
Comment: ~
IsFolder: ~
authID: 3
parameters:
- name: AppID
in: path
required: true
schema:
type: string
"/PasswordVault/WebServices/PIMServices.svc/Applications/{AppID}/Authentications/":
post:
tags:
- Applications
summary: Add Authentication
description: "This method adds a new authentication method to a specific application in the Vault.\r\nThe user who adds this authentication method requires the following permissions in the Vault:\r\n- Manage Users"
operationId: addAuthentication
requestBody:
content:
text/plain:
schema:
type: string
example: "{\r\n \"authentication\":\r\n {\r\n \"AuthType\":\"path/osuser/hash/machineAddress\",\r\n \"AuthValue\":\"<Path string>/<OSUser Name>/<Hash Value>/<Machine Address/CIDR>\",\r\n \"IsFolder\":<true/false>,\r\n \"AllowInternalScripts\":<true/false>\r\n }\r\n}"
responses:
"200":
description: ""
delete:
tags:
- Applications
summary: Delete a Specific Authentication
description: "This method deletes a specific authentication method from a defined application.\r\nThe user requires the following permission in the Vault:\r\n- Manage Users"
operationId: deleteASpecificAuthentication
parameters:
- name: AuthID
in: query
schema:
type: string
example: "1"
requestBody:
content:
application/octet-stream:
schema:
type: string
responses:
"200":
description: ""
parameters:
- name: AppID
in: path
required: true
schema:
type: string
"/PasswordVault/WebServices/PIMServices.svc/Groups/{GroupName}/Users":
post:
tags:
- User Management
- Groups
- v1 API123456
summary: Add User to Group
description: This method adds a specific user to an existing user group in the Vault.
operationId: addUserToGroup1
requestBody:
content:
application/json:
schema:
type: object
properties:
UserName:
type: string
example: "{{UserName}}"
example:
UserName: "{{UserName}}"
responses:
"200":
description: ""
parameters:
- name: GroupName
in: path
required: true
schema:
type: string
/PasswordVault/WebServices/PIMServices.svc/Logo:
get:
tags:
- Server
summary: Logo
description: This method returns the configuration of the logo that will be displayed in the CyberArk SafeShare logon screen and account settings.
operationId: logo
parameters:
- name: type
in: query
schema:
type: string
example: square
responses:
"200":
description: ""
/PasswordVault/WebServices/PIMServices.svc/PendingAccounts:
post:
tags:
- Accounts
- v1 API
summary: "Add Pending Account [v9.7+]"
description: "This method enables an account that is discovered by an external scanner to be added as a pending account to the Accounts Feed. This facilitates the privileged account workflow, during which users can identify privileged accounts and determine which are onboarded to the Vault.\r\nNote: This method adds password accounts only. It does not add SSH Keys."
operationId: addPendingAccountV97
requestBody:
content:
application/json:
schema:
type: object
properties:
pendingAccount:
type: object
properties:
AccountCategory:
type: string
example: Privileged
AccountCategoryCriteria:
type: string
example: "<criteria>"
AccountDescription:
type: string
example: CyberArk EPV Test User for Web Services
AccountDiscoveryDate:
type: string
example: "2016-12-19T08:19:03Z"
AccountEnabled:
type: string
example: Disabled
AccountExpirationDate:
type: string
example: ""
AccountOSGroups:
type: string
example: Domain Admins
AccountType:
type: string
example: Domain
Address:
type: string
example: "{{Address}}"
DiscoveryPlatformType:
type: string
example: Windows Domain Accounts
Domain:
type: string
example: joe-garcia.local
GID:
type: string
example: ""
LastLogonDate:
type: string
example: ""
LastPasswordSetDate:
type: string
example: "2016-12-19T08:19:03Z"
MachineOSFamily:
type: string
example: server
OSType:
type: string
example: Windows
OSVersion:
type: string
example: Windows Server 2012 R2
OU:
type: string
example: Users
PasswordNeverExpires:
type: string
example: "false"
UID:
type: string
example: ""
UserDisplayName:
type: string
example: CA_EPVTestUser
UserName:
type: string
example: "{{UserName}}"
example:
pendingAccount:
AccountCategory: Privileged
AccountCategoryCriteria: "<criteria>"
AccountDescription: CyberArk EPV Test User for Web Services
AccountDiscoveryDate: "2016-12-19T08:19:03Z"
AccountEnabled: Disabled
AccountExpirationDate: ""
AccountOSGroups: Domain Admins
AccountType: Domain
Address: "{{Address}}"
DiscoveryPlatformType: Windows Domain Accounts
Domain: joe-garcia.local
GID: ""
LastLogonDate: ""
LastPasswordSetDate: "2016-12-19T08:19:03Z"
MachineOSFamily: server
OSType: Windows
OSVersion: Windows Server 2012 R2
OU: Users
PasswordNeverExpires: "false"
UID: ""
UserDisplayName: CA_EPVTestUser
UserName: "{{UserName}}"
responses:
"200":
description: ""
"/PasswordVault/WebServices/PIMServices.svc/Policy/{ACLPolicyID}/PrivilegedCommands":
get:
tags:
- OPM Commands
- Policy
summary: List Policy/ACL
description: This method gets a list of the privileged commands (OPM rules) associated with this policy.
operationId: listPolicyAcl
responses:
"200":
description: ""
put:
tags:
- OPM Commands
- Policy
summary: Add Policy/ACL
description: This method adds a new privileged command rule to the policy.
operationId: addPolicyAcl
requestBody:
content:
application/json:
schema:
type: object
properties:
Command:
type: string
example: /bin/sh
CommandGroup:
type: boolean
example: false
PermissionType:
type: string
example: Deny
Restrictions:
type: string
example: ""
UserName:
type: string
example: "{{ACLUserName}}"
example:
Command: /bin/sh
CommandGroup: false
PermissionType: Deny
Restrictions: ""
UserName: "{{ACLUserName}}"
responses:
"200":
description: ""
parameters:
- name: ACLPolicyID
in: path
required: true
schema:
type: string
"/PasswordVault/WebServices/PIMServices.svc/Policy/{ACLPolicyID}/PrivilegedCommands/":
delete:
tags:
- OPM Commands
- Policy
summary: Delete Policy/ACL
description: This method deletes all privileged command rules associated with the policy.
operationId: deletePolicyAcl
parameters:
- name: id
in: query
schema:
type: string
example: "1"
requestBody:
content:
application/octet-stream:
schema:
type: string
responses:
"200":
description: ""
parameters:
- name: ACLPolicyID
in: path
required: true
schema:
type: string
/PasswordVault/WebServices/PIMServices.svc/Safes:
get:
tags:
- Safes
summary: Search for a Safe
description: This method returns information about the Safes in the Vault that meet the criteria specified in the search query.
operationId: searchForASafe
parameters:
- name: query
in: query
schema:
type: string
example: "{{Query}}"
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "1250"
Date:
schema:
type: string
example: "Sun, 11 Nov 2018 21:19:06 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
SearchSafesResult:
type: array
items:
type: object
properties:
Description:
type: string
example: "Dev, CyberArk, REST API, Accounts"
ManagingCPM:
type: string
example: PasswordManagerNG
NumberOfDaysRetention:
nullable: true
example: ~
NumberOfVersionsRetention:
type: number
example: 5
OLACEnabled:
type: boolean
example: false
SafeName:
type: string
example: D-CYBR-RESTAPI-ACCTS
example:
- Description: "Dev, CyberArk, REST API, Accounts"
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: D-CYBR-RESTAPI-ACCTS
- Description: ""
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: D-LIN-ADMIN-USERS
- Description: "Dev, Linux, Root, SSH Keys"
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: D-LIN-ROOT-SSHKEYS
- Description: "Dev, MySQL, Local Users"
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: D-MYSQL-LOCAL-USERS
- Description: "DEV, Qualys, Accounts"
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: D-QUALYS-ACCTS
- Description: "DEV, Tenable, Accounts"
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: D-TENABLE-ACCTS
- Description: ""
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: D-TEST-SAFE
examples:
200 OK:
value:
SearchSafesResult:
- Description: "Dev, CyberArk, REST API, Accounts"
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: D-CYBR-RESTAPI-ACCTS
- Description: ""
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: D-LIN-ADMIN-USERS
- Description: "Dev, Linux, Root, SSH Keys"
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: D-LIN-ROOT-SSHKEYS
- Description: "Dev, MySQL, Local Users"
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: D-MYSQL-LOCAL-USERS
- Description: "DEV, Qualys, Accounts"
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: D-QUALYS-ACCTS
- Description: "DEV, Tenable, Accounts"
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: D-TENABLE-ACCTS
- Description: ""
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: D-TEST-SAFE
post:
tags:
- Safes
summary: Add Safe
description: "This method adds a new Safe to the Vault.\n\nThe user who runs this web service requires **Add Safes** permissions in the Vault."
operationId: addSafe
requestBody:
content:
text/plain:
schema:
type: string
example: "{\n\t\"safe\": {\n\t\t\"SafeName\":\"<Safe name>\",\n\t\t\"Description\":\"<Description>\",\n\t\t\"OLACEnabled\":<true/false>,\n\t\t\"ManagingCPM\":\"<CPM user>\",\n\t\t\"NumberOfVersionsRetention\":<1-999>,\n\t\t\"NumberOfDaysRetention\":<1-3650>\n\t}\n}"
responses:
"200":
description: ""
"/PasswordVault/WebServices/PIMServices.svc/Safes/{Safe}":
get:
tags:
- Safes
- v1 API1234
summary: Get Safe Details
description: This method returns information about a specific Safe in the Vault.
operationId: getSafeDetails1
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "180"
Date:
schema:
type: string
example: "Sun, 11 Nov 2018 21:16:41 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
GetSafeResult:
type: object
properties:
Description:
type: string
example: ""
ManagingCPM:
type: string
example: PasswordManagerNG
NumberOfDaysRetention:
nullable: true
example: ~
NumberOfVersionsRetention:
type: number
example: 5
OLACEnabled:
type: boolean
example: false
SafeName:
type: string
example: P-WIN-LOCAL-ADMIN
examples:
200 OK:
value:
GetSafeResult:
Description: ""
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: P-WIN-LOCAL-ADMIN
put:
tags:
- Safes
summary: Update Safe
description: "This method updates a single Safe in the Vault. The user who runs this web service requires the following permissions:\n\nIn the Vault:\n* Manage Safes\n\nIn the Safe:\n* View Safe Members"
operationId: updateSafe
requestBody:
content:
text/plain:
schema:
type: string
example: "{\n\t\"safe\": {\n\t\t\"SafeName\":\"<The name of the Safe>\",\n\t\t\"Description\":\"<Description of the Safe>\",\n\t\t\"OLACEnabled\":<true/false>,\n\t\t\"ManagingCPM\":\"<Name of CPM user managing the Safe>\",\n\t\t\"NumberOfVersionsRetention\":<1-999>,\n\t\t\"NumberOfDaysRetention\":<1-3650>\n\t}\n}"
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "224"
Date:
schema:
type: string
example: "Sun, 11 Nov 2018 21:18:14 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
UpdateSafeResult:
type: object
properties:
Description:
type: string
example: "Production, Windows, Local Administrators"
ManagingCPM:
type: string
example: PasswordManagerNG
NumberOfDaysRetention:
nullable: true
example: ~
NumberOfVersionsRetention:
type: number
example: 5
OLACEnabled:
type: boolean
example: false
SafeName:
type: string
example: P-WIN-LOCAL-ADMIN
examples:
200 OK:
value:
UpdateSafeResult:
Description: "Production, Windows, Local Administrators"
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: P-WIN-LOCAL-ADMIN
delete:
tags:
- Safes
summary: Delete Safe
description: "This method deletes a Safe from the Vault.\n\nThe user who runs this web service requires **Manage Safe** permissions in the Vault."
operationId: deleteSafe
responses:
"200":
description: ""
parameters:
- name: Safe
in: path
required: true
schema:
type: string
"/PasswordVault/WebServices/PIMServices.svc/Safes/{Safe}/Members":
get:
tags:
- Safes
- Safe Members
summary: List Safe Members
description: This method returns a list of the members of the Safe. The user performing this task must have **ViewSafeMembers** permissions in the Safe.
operationId: listSafeMembers
responses:
"200":
description: ""
post:
tags:
- Safes
- Safe Members
summary: Add Safe Member
description: "This method adds an existing user as a Safe member.\n\nThe user who runs this web service requires **Manage Safe Members** permissions in the Vault."
operationId: addSafeMember
requestBody:
content:
text/plain:
schema:
type: string
example: "{\n\t\"member\": {\n\t\t\"MemberName\":\"<The name of the user to add as a Safe member>\",\n\t\t\"SearchIn\":\"<Search for the member in the Vault or Domain>\",\n\t\t\"MembershipExpirationDate\":\"<MM\\DD\\YY or empty if there is no expiration date>\",\n\t\t\"Permissions\":<User’s permissions in the Safe>\n\t\t[\n\t\t\t{\"Key\":\"UseAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"RetrieveAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ListAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"AddAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"UpdateAccountContent\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"UpdateAccountProperties\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"InitiateCPMAccountManagementOperations\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"SpecifyNextAccountContent\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"RenameAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"DeleteAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"UnlockAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ManageSafe\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ManageSafeMembers\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"BackupSafe\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ViewAuditLog\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ViewSafeMembers\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"RequestsAuthorizationLevel\", \"Value\":<0/1/2>},\n\t\t\t{\"Key\":\"AccessWithoutConfirmation\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"CreateFolders\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"DeleteFolders\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"MoveAccountsAndFolders\", \"Value\":<true/false>}\n\t\t]\n\t}\n}"
responses:
"200":
description: ""
parameters:
- name: Safe
in: path
required: true
schema:
type: string
"/PasswordVault/WebServices/PIMServices.svc/Safes/{Safe}/Members/{SafeMember}":
put:
tags:
- Safes
- Safe Members
summary: Update Safe Member
description: "This method updates an existing Safe member.\n\nThe user who runs this web service requires **Manage Safe Members** permissions in the Vault."
operationId: updateSafeMember
requestBody:
content:
text/plain:
schema:
type: string
example: "{\n\t\"member\": {\n\t\t\"MembershipExpirationDate\":\"<MM\\DD\\YY or empty for no expiration>\",\n\t\t\"Permissions\":<User’s permissions in the Safe>\n\t\t[\n\t\t\t{\"Key\":\"UseAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"RetrieveAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ListAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"AddAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"UpdateAccountContent\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"UpdateAccountProperties\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"InitiateCPMAccountManagementOperations\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"SpecifyNextAccountContent\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"RenameAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"DeleteAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"UnlockAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ManageSafe\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ManageSafeMembers\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"BackupSafe\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ViewAuditLog\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ViewSafeMembers\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"RequestsAuthorizationLevel\", \"Value\":<0/1/2>},\n\t\t\t{\"Key\":\"AccessWithoutConfirmation\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"CreateFolders\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"DeleteFolders\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"MoveAccountsAndFolders\", \"Value\":<true/false>}\n\t\t]\n\t}\n}"
responses:
"200":
description: ""
delete:
tags:
- Safes
- Safe Members
summary: Delete Safe Member
description: "This method removes a specific member from a Safe.\n\nThe user who runs this web service requires **Manage Safe Members** permissions in the Vault."
operationId: deleteSafeMember
responses:
"200":
description: ""
parameters:
- name: Safe
in: path
required: true
schema:
type: string
- name: SafeMember
in: path
required: true
schema:
type: string
/PasswordVault/WebServices/PIMServices.svc/Server:
get:
tags:
- Server
summary: Server
description: This method returns the display name of the Vault configured in the **ServerDisplayName** configuration parameter.
operationId: server
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "79"
Date:
schema:
type: string
example: "Sun, 11 Nov 2018 21:21:22 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
ExternalVersion:
type: string
example: 10.5.0
InternalVersion:
type: string
example: 10.5.0.48
ServerName:
type: string
example: Vault
examples:
200 OK:
value:
ExternalVersion: 10.5.0
InternalVersion: 10.5.0.48
ServerName: Vault
/PasswordVault/WebServices/PIMServices.svc/User:
get:
tags:
- User Management
- Users
- v2 API12345
summary: Logged On User Details
description: This method returns user information of the user who is logged on.
operationId: loggedOnUserDetails
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "223"
Date:
schema:
type: string
example: "Sun, 11 Nov 2018 21:23:17 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
AgentUser:
type: boolean
example: false
Disabled:
type: boolean
example: false
Email:
type: string
example: ""
Expired:
type: boolean
example: false
ExpiryDate:
nullable: true
example: ~
FirstName:
type: string
example: ""
LastName:
type: string
example: ""
Location:
type: string
example: "\\"
Source:
type: string
example: Internal
Suspended:
type: boolean
example: false
UserName:
type: string
example: Administrator
UserTypeName:
type: string
example: Built-InAdmins
examples:
200 OK:
value:
AgentUser: false
Disabled: false
Email: ""
Expired: false
ExpiryDate: ~
FirstName: ""
LastName: ""
Location: "\\"
Source: Internal
Suspended: false
UserName: Administrator
UserTypeName: Built-InAdmins
/PasswordVault/WebServices/PIMServices.svc/Users:
post:
tags:
- User Management
- Users
- v1 API12345
summary: Add User
description: Add User
operationId: addUser1
requestBody:
content:
text/plain:
schema:
type: string
example: "{\n\t\"UserName\":\"<string>\",\n\t\"InitialPassword\":\"<string>\",\n\t\"Email\":\"<string>\",\n\t\"FirstName\":\"<string>\",\n\t\"LastName\":\"<string>\",\n\t\"ChangePasswordOnTheNextLogon\":<bool>,\n\t\"ExpiryDate\":\"<string>\",\n\t\"UserTypeName\":\"<string>\",\n\t\"Disabled\":<bool>,\n\t\"Location\":\"<string>\"\n}"
responses:
"200":
description: ""
"/PasswordVault/WebServices/PIMServices.svc/Users/{UserID}":
get:
tags:
- User Management
- Users
- v2 API12345
summary: Get User Details
description: "This method returns information about a specific user in the Vault.\n\nTo run this Web service, you must have the following permissions:\n\n* Audit users"
operationId: getUserDetails
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "218"
Date:
schema:
type: string
example: "Sun, 11 Nov 2018 21:23:43 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
AgentUser:
type: boolean
example: false
Disabled:
type: boolean
example: false
Email:
type: string
example: ""
Expired:
type: boolean
example: false
ExpiryDate:
nullable: true
example: ~
FirstName:
type: string
example: ""
LastName:
type: string
example: ""
Location:
type: string
example: "\\"
Source:
type: string
example: Internal
Suspended:
type: boolean
example: false
UserName:
type: string
example: Svc_AnsibleREST
UserTypeName:
type: string
example: EPVUser
examples:
200 OK:
value:
AgentUser: false
Disabled: false
Email: ""
Expired: false
ExpiryDate: ~
FirstName: ""
LastName: ""
Location: "\\"
Source: Internal
Suspended: false
UserName: Svc_AnsibleREST
UserTypeName: EPVUser
put:
tags:
- User Management
- Users
- v2 API12345
summary: Update User
description: This method updates an existing Vault user.
operationId: updateUser
requestBody:
content:
text/plain:
schema:
type: string
example: "{\n\t\"NewPassword\":\"<string>\",\n\t\"Email\":\"<string>\",\n\t\"FirstName\":\"<string>\",\n\t\"LastName\":\"<string>\",\n\t\"ChangePasswordOnTheNextLogon\":<bool>,\n\t\"ExpiryDate\":\"<string>\",\n\t\"UserTypeName\":\"<string>\",\n\t\"Disabled\":<bool>,\n\t\"Location\":\"<string>\"\n}"
responses:
"200":
description: ""
delete:
tags:
- User Management
- Users
- v2 API12345
summary: Delete User
description: This method deletes a specific user in the Vault.
operationId: deleteUser
responses:
"200":
description: ""
parameters:
- name: UserID
in: path
required: true
schema:
type: string
"/PasswordVault/WebServices/PIMServices.svc/Users/{UserName}/AuthenticationMethods/SSHKeyAuthentication/AuthorizedKeys":
get:
tags:
- User Management
- Public SSH Authentication
summary: Get Public SSH Key
description: "This method retrieves all public SSH keys that are authorized for a specific user.\n\nThe user who runs this web service requires the following permission in the Vault:\n\n* Reset Users' Passwords\n\nIn addition, the user who runs this web service must be in the same Vault location as or higher than the user whose public SSH keys are retrieved.\n\n**Note:** A user cannot manage their own public SSH keys."
operationId: getPublicSshKey
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "833"
Date:
schema:
type: string
example: "Wed, 21 Nov 2018 03:03:15 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
GetUserAuthorizedKeysResult:
type: array
items:
type: object
properties:
KeyID:
type: string
example: 9EE257E234F73FE335DF8049E72DC0F3
PublicSSHKey:
type: string
example: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDVhosq/CGJ06Lgj6flNVn9YbKUtilGPqvErArXC8mTNajx9r5rYtNBu5pkz4wuHuaHwR8nQivY2iTS+UO+FdoM/k+9o+VeJ3VtFPQq6/5mIIXCGs3L6IAkDOYvP45T/aEvnh/EG4C8xpZEEku1COfXWO6m3OdWtqoGMwDu8OymppcpXC7acZ/xgcue3aKJAvIQM29y3EGdFc6jFgelJLPCytA9rKY+OZMvLp0MqVL8Ukh2e/5zo+oqmVm9hXsjNiNOUmwdPm9TUxNcdzIETAZJwF65sgBD2ka8YmBKF80Xnb3ZMhDioqABQO9uuEoA3UhQ2M61jyrQ7HY4mXJaKo/If4Mo1q4tcE/0EHiB0uRFgZOSSq8mO22C7Lw8xz+9gTpFQFi7n4HNu5HrTyTsSX0FHv7xi4Z3wbqkrmPlmmXgV5VnyOA+ApqWHzoZqlwxUiUbYrnKHjWaivNqjXSyFHgV/cBYk/yH+f2wJaOlM1Dh8mvGpy6mojWAUHBC8xcENzJ7DIs2AgB43Ri+s6wqYRmNjwe9zBW1yi0IEq51KqVT2f+DYLNQ6FJl9jHBDl7npvZPKnK9uKKZmfZ+6GLgMCX8FRL+WOA9Ft51VcvIOlZeN59AW70AwXe7lh/ZdTRiyveYKmrSdWrFr3XYHaX7CANmIgoH1ZFG4RjG/cQ+e2jYMQ==
example:
- KeyID: 9EE257E234F73FE335DF8049E72DC0F3
PublicSSHKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDVhosq/CGJ06Lgj6flNVn9YbKUtilGPqvErArXC8mTNajx9r5rYtNBu5pkz4wuHuaHwR8nQivY2iTS+UO+FdoM/k+9o+VeJ3VtFPQq6/5mIIXCGs3L6IAkDOYvP45T/aEvnh/EG4C8xpZEEku1COfXWO6m3OdWtqoGMwDu8OymppcpXC7acZ/xgcue3aKJAvIQM29y3EGdFc6jFgelJLPCytA9rKY+OZMvLp0MqVL8Ukh2e/5zo+oqmVm9hXsjNiNOUmwdPm9TUxNcdzIETAZJwF65sgBD2ka8YmBKF80Xnb3ZMhDioqABQO9uuEoA3UhQ2M61jyrQ7HY4mXJaKo/If4Mo1q4tcE/0EHiB0uRFgZOSSq8mO22C7Lw8xz+9gTpFQFi7n4HNu5HrTyTsSX0FHv7xi4Z3wbqkrmPlmmXgV5VnyOA+ApqWHzoZqlwxUiUbYrnKHjWaivNqjXSyFHgV/cBYk/yH+f2wJaOlM1Dh8mvGpy6mojWAUHBC8xcENzJ7DIs2AgB43Ri+s6wqYRmNjwe9zBW1yi0IEq51KqVT2f+DYLNQ6FJl9jHBDl7npvZPKnK9uKKZmfZ+6GLgMCX8FRL+WOA9Ft51VcvIOlZeN59AW70AwXe7lh/ZdTRiyveYKmrSdWrFr3XYHaX7CANmIgoH1ZFG4RjG/cQ+e2jYMQ==
examples:
200 OK:
value:
GetUserAuthorizedKeysResult:
- KeyID: 9EE257E234F73FE335DF8049E72DC0F3
PublicSSHKey: ssh-rsa <base64 public key data>
post:
tags:
- User Management
- Public SSH Authentication
summary: Add a Public SSH Key
description: "This method adds an authorized public SSH key for a specific user in the Vault, allowing them to authenticate to the Vault through PSM for SSH using a corresponding private SSH key.\n\nThe user who runs this web service requires **Reset Users' Passwords** permissions in the Vault.\n\nIn addition, the user who runs this web service must be in the same Vault location as or higher than the user whose public SSH keys are added.\n\n**Note:** A user cannot manage their own public SSH keys."
operationId: addAPublicSshKey
requestBody:
content:
application/json:
schema:
type: object
properties:
PublicSSHKey:
type: string
example: ssh-rsa <base64 public key data>
example:
PublicSSHKey: ssh-rsa <base64 public key data>
responses:
"201":
description: 201 The public SSH key was added successfully
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "830"
Date:
schema:
type: string
example: "Wed, 21 Nov 2018 03:01:57 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
AddUserAuthorizedKeyResult:
type: object
properties:
KeyID:
type: string
example: 9EE257E234F73FE335DF8049E72DC0F3
PublicSSHKey:
type: string
example: ssh-rsa <public-key-base64>
examples:
201 The public SSH key was added successfully:
value:
AddUserAuthorizedKeyResult:
KeyID: 9EE257E234F73FE335DF8049E72DC0F3
PublicSSHKey: ssh-rsa <public-key-base64>
parameters:
- name: UserName
in: path
required: true
schema:
type: string
"/PasswordVault/WebServices/PIMServices.svc/Users/{UserName}/AuthenticationMethods/SSHKeyAuthentication/AuthorizedKeys/{KeyID}":
delete:
tags:
- User Management
- Public SSH Authentication
summary: Delete Public SSH Key
description: "This method deletes an authorized public SSH key for a specific user in the Vault, preventing them from authenticating to the Vault via PSM for SSH using a corresponding private SSH key.\n\nThe user who runs this web service requires **Reset Users' Passwords** permission in the Vault.\n\nIn addition, the user who runs this web service must be in the same Vault location as or higher than the user whose public SSH keys are deleted.\n\n**Note:** A user cannot manage their own public SSH keys."
operationId: deletePublicSshKey
responses:
"200":
description: 200 The public SSH key was deleted successfully
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "0"
Date:
schema:
type: string
example: "Wed, 21 Nov 2018 03:05:36 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content: {}
parameters:
- name: UserName
in: path
required: true
schema:
type: string
- name: KeyID
in: path
required: true
schema:
type: string
/PasswordVault/WebServices/PIMServices.svc/Verify:
get:
tags:
- Server
summary: Verify
description: This method returns the display name of the Vault configured in the **ServerDisplayName** configuration parameter.
operationId: verify
requestBody:
content:
application/form-urlencoded:
schema:
type: object
properties: {}
example: {}
responses:
"200":
description: ""
/PasswordVault/WebServices/auth/Cyberark/CyberArkAuthenticationService.svc/Logoff:
post:
tags:
- Authentication
- v1 API123
summary: Logoff
description: This method logs off the user and removes the Vault session.
operationId: logoff2
responses:
"200":
description: ""
/PasswordVault/WebServices/auth/Cyberark/CyberArkAuthenticationService.svc/Logon:
post:
tags:
- Authentication
- v1 API123
summary: Logon
description: "This method authenticates a user to the Vault and returns a token that can be used in subsequent web services calls. In addition, this method allows you to set a new password.\n\nUsers can authenticate using CyberArk, LDAP or RADIUS authentication."
operationId: logon1
requestBody:
content:
application/json:
schema:
type: object
properties:
connectionNumber:
type: string
example: "1"
password:
type: string
example: "{{apiPassword}}"
username:
type: string
example: "{{apiUsername}}"
example:
connectionNumber: "1"
password: "{{apiPassword}}"
username: "{{apiUsername}}"
responses:
"200":
description: ""
/PasswordVault/WebServices/auth/Shared/RestfulAuthenticationService.svc/Logoff:
post:
tags:
- Authentication
- Shared Logon Authentication
summary: Logoff
description: This method logs off the shared user and removes the Vault session.
operationId: logoff3
responses:
"200":
description: ""
/PasswordVault/WebServices/auth/Shared/RestfulAuthenticationService.svc/Logon:
post:
tags:
- Authentication
- Shared Logon Authentication
summary: Logon
description: "Shared authentication is based on a user credential file that is stored in the PVWA web server. During shared authentication, only the user defined in the credential file can log on to the PVWA, but multiple users can use the logon token.\n\nThis type of authentication **requires** the application using the REST services to manage the users as the Vault can't identify which specific user performs each action.\n\nMultiple concurrent connections can be created using the same token, without affecting each other.\n\nThe shared user is defined in a user credential file, whose location is specified in the WSCredentialFile parameter, in the appsettings section of the PVWAweb.config file:\n\n```\n<add key=\"WSCredentialFile\" value=\"C:\\CyberArk\\Password Vault Web Access\\CredFiles\\WSUser.ini\"/>\n```\n\n* Make sure that this user can access the PVWA interface.\n* Make sure the user only has the permissions in the Vault that they require.\n\nFor information about securing communication when using the SDK, refer to the following:\n\n* [Securing application-to-REST communication](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Securing%20Communication.htm)\n* [Configuring client authentication via certificates](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Configuring%20Client%20Authentication%20via%20Client%20Certificates.htm)\n\nThis method authenticates to the Vault with a shared webservices user and returns a token that will be used in subsequent web services calls.\n\nThis is supported for CyberArk authentication only, and not for third party authentication."
operationId: logon2
requestBody:
content:
text/plain:
schema:
type: string
example: ""
responses:
"200":
description: ""
/PasswordVault/api/Accounts:
get:
tags:
- Accounts
- v2 API
summary: Get Accounts
description: "This method returns a list of all the accounts in the Vault.\n\nThe user who runs this web service requires **List Accounts** permissions in the Safe."
operationId: getAccounts
parameters:
- name: search
in: query
schema:
type: string
example: DemoUser
description: "List of keywords to search for in accounts, separated by a space."
- name: searchType
in: query
schema:
type: string
example: contains
description: "Get accounts that either contain or start with the value specified in the Search parameter. Valid values: contains (default) or startswith."
- name: sort
in: query
schema:
type: string
example: UserName
description: "Property or properties by which to sort returned accounts, followed by asc (default) or desc to control sort direction. Separate multiple properties with commas, up to a maximum of three properties."
- name: offset
in: query
schema:
type: string
example: "25"
description: Offset of the first account that is returned in the collection of results.
- name: limit
in: query
schema:
type: string
example: "1000"
description: "Maximum number of returned accounts. If not specified, the default value is 50. The maximum number that can be specified is 1000."
- name: filter
in: query
schema:
type: string
example: "safeName eq {{Safe}}"
description: "Get accounts from a specific safe, using the safe name."
responses:
"200":
description: ""
post:
tags:
- Accounts
- v2 API
summary: Add Account
description: "This method adds a new privileged account or SSH key to the Vault.\n\nTo run this web service, a user requires the following permission in the Vault:\n\n* Add account\n\nAND either\n\n* Update password\n\nOR\n\n* Update password properties\n\n**Note:** You require an additional license to add SSH keys to the Vault. For more information, contact your CyberArk representative."
operationId: addAccount
requestBody:
content:
application/json:
schema:
type: object
properties:
address:
type: string
example: string
name:
type: string
example: string
platformAccountProperties:
type: object
properties:
LogonDomain:
type: string
example: string
Port:
type: string
example: integer
platformId:
type: string
example: string
remoteMachinesAccess:
type: object
properties:
accessRestrictedToRemoteMachines:
type: boolean
example: true
remoteMachines:
type: string
example: string
safeName:
type: string
example: string
secret:
type: string
example: string
secretManagement:
type: object
properties:
automaticManagementEnabled:
type: boolean
example: true
manualManagementReason:
type: string
example: string
secretType:
type: string
example: password
userName:
type: string
example: string
example:
address: string
name: string
platformAccountProperties:
LogonDomain: string
Port: integer
platformId: string
remoteMachinesAccess:
accessRestrictedToRemoteMachines: true
remoteMachines: string
safeName: string
secret: string
secretManagement:
automaticManagementEnabled: true
manualManagementReason: string
secretType: password
userName: string
responses:
"201":
description: Add Dual Account - 201 Created
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "481"
Date:
schema:
type: string
example: "Fri, 07 Feb 2020 19:04:06 GMT"
Expires:
schema:
type: string
example: "-1"
Location:
schema:
type: string
example: "https://cyberark.joegarcia.dev/PasswordVault/api/Accounts/29_7"
Pragma:
schema:
type: string
example: no-cache
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
api-supported-versions:
schema:
type: string
example: "11.0"
content:
application/json:
schema:
type: object
properties:
address:
type: string
example: db2.joegarcia.dev
createdTime:
type: number
example: 1581084295
id:
type: string
example: "29_7"
name:
type: string
example: Database-MySQL-db2.joegarcia.dev-cluster02sqluser01
platformAccountProperties:
type: object
properties:
DualAccountStatus:
type: string
example: Active
Index:
type: string
example: "1"
VirtualUsername:
type: string
example: cluster02sqluser
platformId:
type: string
example: MySQLServer-DualAccounts
safeName:
type: string
example: D-MySQL-Users
secretManagement:
type: object
properties:
automaticManagementEnabled:
type: boolean
example: false
lastModifiedTime:
type: number
example: 1581084295
manualManagementReason:
type: string
example: testing
secretType:
type: string
example: password
userName:
type: string
example: cluster02sqluser01
examples:
Add Dual Account - 201 Created:
value:
address: db2.joegarcia.dev
createdTime: 1581084295
id: "29_7"
name: Database-MySQL-db2.joegarcia.dev-cluster02sqluser01
platformAccountProperties:
DualAccountStatus: Active
Index: "1"
VirtualUsername: cluster02sqluser
platformId: MySQLServer-DualAccounts
safeName: D-MySQL-Users
secretManagement:
automaticManagementEnabled: false
lastModifiedTime: 1581084295
manualManagementReason: testing
secretType: password
userName: cluster02sqluser01
/PasswordVault/api/Accounts/AdHocConnect:
post:
tags:
- Accounts
- Account Actions
- v2 API1
summary: Ad-Hoc Connect through PSM
description: "This method allows you to connect through PSM without using an existing account, by returning settings that can be used with an RDP client application or for the HTML5 gateway.\n\nYou must enable Privileged Session Monitoring and ad-hoc connection via PVWA configuration. For more details, see [Ad Hoc Connections](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Configuring-Secure-Connect.htm)."
operationId: adHocConnectThroughPsm
requestBody:
content:
application/json:
schema:
type: object
properties:
Address:
type: string
example: "<Address>"
PSMConnectPrerequisites:
type: object
properties:
ConnectionComponent:
type: string
example: "<Connection Component ID>"
ConnectionType:
type: string
example: "<RDPFile or PSMGW>"
PlatformId:
type: string
example: "<Secure Connect Platform>"
Secret:
type: string
example: "<password>"
UserName:
type: string
example: "<User Name>"
extraFields:
type: object
properties: {}
example:
Address: "<Address>"
PSMConnectPrerequisites:
ConnectionComponent: "<Connection Component ID>"
ConnectionType: "<RDPFile or PSMGW>"
PlatformId: "<Secure Connect Platform>"
Secret: "<password>"
UserName: "<User Name>"
extraFields: {}
responses:
"200":
description: ""
"/PasswordVault/api/Accounts/{AccountID}":
get:
tags:
- Accounts
- v2 API
summary: Get Account Details
description: "This method returns information about an account identified by its ID.\n\nThe user who runs this web service requires **List Accounts** permissions in the Safe where the account is located inside the Vault."
operationId: getAccountDetails
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "317"
Date:
schema:
type: string
example: "Sun, 11 Nov 2018 21:27:37 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
address:
type: string
example: 192.168.3.101
createdTime:
type: number
example: 1541876282
id:
type: string
example: "24_3"
name:
type: string
example: ANSIBLE-RESTAPI-USER
platformId:
type: string
example: JG-CyberArkVault
safeName:
type: string
example: D-CYBR-RESTAPI-ACCTS
secretManagement:
type: object
properties:
automaticManagementEnabled:
type: boolean
example: true
lastModifiedTime:
type: number
example: 1541876282
status:
type: string
example: success
secretType:
type: string
example: password
userName:
type: string
example: Svc_AnsibleREST
examples:
200 OK:
value:
address: 192.168.3.101
createdTime: 1541876282
id: "24_3"
name: ANSIBLE-RESTAPI-USER
platformId: JG-CyberArkVault
safeName: D-CYBR-RESTAPI-ACCTS
secretManagement:
automaticManagementEnabled: true
lastModifiedTime: 1541876282
status: success
secretType: password
userName: Svc_AnsibleREST
delete:
tags:
- Accounts
- v2 API
summary: Delete Account
description: "This method deletes a specific account in the Vault.\n\nThe user who runs this web service requires **Delete Accounts** permissions in the Vault."
operationId: deleteAccount
responses:
"200":
description: ""
patch:
tags:
- Accounts
- v2 API
summary: Update Account
description: "This method updates an existing account's details. It is not mandatory to send all the account’s details. Any changed values sent in the request will be updated. All other property values will remain the same.\n\nOn each property, the following operations can be performed:\n\n* Replace - replace the existing value of a property\n* Remove - remove the property from the account\n* Add - add the property to the account\n\nIt is possible to set several properties in the same command with the following structure:\n\n```json\n[\n\t{\n\t \"op\": \"replace\",\n\t \"path\": \"/platformaccountproperties\",\n\t \"value\": \"{\n\t \\\"{PropertyID1}\\\":\\\"{Value}\\\",\n\t \\\"{PropertyID2}\\\":\\\"{Value}\\\",\n\t \\\"{PropertyID3}\\\":\\\"{Value}\\\"\n\t }\"\n\t}\n]\n```\n\nWhen sending several operations on the same property, only the last operation will affect the property."
operationId: updateAccount
requestBody:
content:
application/json:
schema:
type: array
items:
type: object
properties:
op:
type: string
example: replace
path:
type: string
example: /address
value:
type: string
example: NewAddress
example:
- op: replace
path: /address
value: NewAddress
- op: add
path: /port
value: "3306"
- op: remove
path: /ticketnumber
value: ""
example:
- op: replace
path: /address
value: NewAddress
- op: add
path: /port
value: "3306"
- op: remove
path: /ticketnumber
value: ""
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "271"
Date:
schema:
type: string
example: "Tue, 15 Jan 2019 17:39:16 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
address:
type: string
example: NewAddress
createdTime:
type: number
example: 1547468682
id:
type: string
example: "29_3"
name:
type: string
example: TEST-RESTAPI-uadmin
platformId:
type: string
example: WinDomain
safeName:
type: string
example: TEST-RESTAPI
secretManagement:
type: object
properties:
automaticManagementEnabled:
type: boolean
example: true
lastModifiedTime:
type: number
example: 1547468682
secretType:
type: string
example: password
userName:
type: string
example: u_admin
examples:
200 OK:
value:
address: NewAddress
createdTime: 1547468682
id: "29_3"
name: TEST-RESTAPI-uadmin
platformId: WinDomain
safeName: TEST-RESTAPI
secretManagement:
automaticManagementEnabled: true
lastModifiedTime: 1547468682
secretType: password
userName: u_admin
parameters:
- name: AccountID
in: path
required: true
schema:
type: string
"/PasswordVault/api/Accounts/{AccountID}/Password/Retrieve":
post:
tags:
- Accounts
- Account Actions
- v2 API1
summary: Get Password Value
description: "This method enables users to retrieve the password or SSH key of an existing account that is identified by its Account ID. It enables users to specify a reason and ticket ID, if required.\n\n**Note:** The ability to retrieve credentials using this REST API is intended for human use only and is not recommended for applications or automated processes, where application-based authentication is required.\n\nFor application or automated processes use cases, refer to the [AAM Credential Providers Online Help](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-CP/Latest/en/Default.htm)."
operationId: getPasswordValue
requestBody:
content:
text/plain:
schema:
type: string
example: "{\n\t\"reason\":\"<Reason>\",\n\t\"TicketingSystemName\": \"<Ticketing system>\",\n\t\"TicketId\": \"<Ticketid>\",\n\t\"Version\": <version number>,\n\t\"ActionType\": \"<action type - show\\copy\\connect>\",\n\t\"isUse\": <true\\false>,\n\t\"Machine\": \"<my remote machine address>\"\n}"
responses:
"200":
description: ""
parameters:
- name: AccountID
in: path
required: true
schema:
type: string
"/PasswordVault/api/Accounts/{AccountID}/Password/Update":
post:
tags:
- Accounts
- Account Actions
- v2 API1
summary: Change Password in the Vault Only
description: "This method enables users to set account credentials and change them in the Vault. This will not affect credentials on the target device.\n\nThe user who runs this web service requires **Update password value** permission in the Safe where the privileged account is stored."
operationId: changePasswordInTheVaultOnly
requestBody:
content:
application/json:
schema:
type: object
properties:
ChangeEntireGroup:
type: boolean
example: false
NewCredentials:
type: string
example: "<string>"
example:
ChangeEntireGroup: false
NewCredentials: "<string>"
responses:
"200":
description: ""
parameters:
- name: AccountID
in: path
required: true
schema:
type: string
"/PasswordVault/api/Accounts/{AccountID}/grantAdministrativeAccess":
post:
tags:
- Accounts
- Account Actions
- v2 API1
summary: Get Just in Time Access
description: "This method requests and receives access to a target Windows machine with administrative rights. The domain user who runs this web service will be added to the local Administrators group of the target machine.\n\n## Supported target machine environments\n\nJust in Time access is supported on the following end user machine environments:\n\n* Windows Server 2012/2012R2/2016\n* Windows 8, Windows 10\n\n## Configuration\n\nConfigure Just in Time access as described in [Configure Just in Time Access](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/11.3/en/Content/PASIMP/adhoc_access_admin.htm).\n\n## User permissions\n\nMake sure that all users who want to request access to the target Windows machine have the following permission in the Safe:\n\n* List accounts"
operationId: getJustInTimeAccess
responses:
"200":
description: ""
parameters:
- name: AccountID
in: path
required: true
schema:
type: string
/PasswordVault/api/AutomaticOnboardingRules:
put:
tags:
- Onboarding Rules
summary: Update Onboarding Rule
description: Update Onboarding Rule
operationId: updateOnboardingRule
parameters:
- name: id
in: query
schema:
type: string
example: "1"
requestBody:
content:
text/plain:
schema:
type: string
example: "{\n\t\"TargetPlatformId\": \"<platform ID>\",\n\t\"TargetSafeName\": \"<Safe name>\",\n\t\"IsAdminIDFilter\": <False>,\n\t\"MachineTypeFilter\": \"<Server>\",\n\t\"SystemTypeFilter\": \"<Windows>\",\n\t\"UserNameFilter\": \"<filter>\",\n\t\"UserNameMethod\": \"<Begins>\",\n\t\"AddressFilter\": \"<filter>\",\n\t\"AddressMethod\": \"<Equals>\",\n\t\"AccountCategoryFilter\": \"<Any>\",\n\t\"RuleName\": \"<rule name>\",\n\t\"RuleDescription\": \"<description>\"\n}"
responses:
"200":
description: ""
post:
tags:
- Onboarding Rules
summary: Add Onboarding Rule
description: "This method adds a new onboarding rule to the Vault that filters discovered local privileged pending accounts. When a discovered pending account matches a rule, it will automatically be onboarded to the Safe that is defined in the rule and the password will be reconciled.\r\nNote: The Safe and the reconcile account must be created according to the rule’s definition before you run this API in order to onboard the pending account automatically. The reconcile account must be associated to the platform that is defined in the rule.\r\nThe user who runs this web service must belong to the following group:\r\n- Vault Admins"
operationId: addOnboardingRule
requestBody:
content:
application/json:
schema:
type: object
properties:
DecisionPlatformId:
type: string
example: WinLocalAccount
DecisionSafeName:
type: string
example: "{{Safe}}"
IsAdminUIDFilter:
type: string
example: "true"
MachineTypeFilter:
type: string
example: Server
SystemTypeFilter:
type: string
example: Windows
UserNameFilter:
type: string
example: ""
example:
DecisionPlatformId: WinLocalAccount
DecisionSafeName: "{{Safe}}"
IsAdminUIDFilter: "true"
MachineTypeFilter: Server
SystemTypeFilter: Windows
UserNameFilter: ""
responses:
"200":
description: ""
/PasswordVault/api/AutomaticOnboardingRules/:
get:
tags:
- Onboarding Rules
summary: Get Onboarding Rule
description: "This method returns information about all the defined onboarding rules.\r\nThe user who runs this web service must belong to the following group:\r\n- Vault Admins"
operationId: getOnboardingRule
responses:
"200":
description: ""
delete:
tags:
- Onboarding Rules
summary: Delete Onboarding Rule
description: "This method deletes an automatic onboarding rule from the Vault.\r\nThe user who runs this web service must belong to the following group:\r\n- Vault Admins"
operationId: deleteOnboardingRule
parameters:
- name: id
in: query
schema:
type: string
example: "1"
requestBody:
content:
application/octet-stream:
schema:
type: string
responses:
"200":
description: ""
/PasswordVault/api/Configuration/AuthenticationMethods:
get:
tags:
- Authentication
- Authentication Methods Config
summary: Get Authentication Methods
description: This method returns a list of all existing authentication methods. Any user who is a member of the Vault Admins group can run this web service.
operationId: getAuthenticationMethods
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache,no-store, no-cache, must-revalidate"
Content-Length:
schema:
type: string
example: "1674"
Date:
schema:
type: string
example: "Thu, 24 Sep 2020 00:43:30 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: "no-cache,no-cache"
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; SameSite=None; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
Methods:
type: array
items:
type: object
properties:
displayName:
type: string
example: ""
enabled:
type: boolean
example: false
id:
type: string
example: windows
logoffUrl:
type: string
example: ""
mobileEnabled:
type: boolean
example: false
passwordFieldLabel:
type: string
example: ""
secondFactorAuth:
type: string
nullable: true
example: ~
signInLabel:
type: string
example: ""
usernameFieldLabel:
type: string
example: ""
example:
- displayName: ""
enabled: false
id: windows
logoffUrl: ""
mobileEnabled: false
passwordFieldLabel: ""
secondFactorAuth: ~
signInLabel: ""
usernameFieldLabel: ""
- displayName: ""
enabled: false
id: pki
logoffUrl: ""
mobileEnabled: false
passwordFieldLabel: ""
secondFactorAuth: ~
signInLabel: ""
usernameFieldLabel: ""
- displayName: ""
enabled: true
id: cyberark
logoffUrl: ""
mobileEnabled: true
passwordFieldLabel: ""
secondFactorAuth: cyberark
signInLabel: ""
usernameFieldLabel: ""
- displayName: ""
enabled: false
id: oraclesso
logoffUrl: "http://[ssoserver]:7777/sso/logout?p_done_url=http://[iisserver]/PasswordVault"
mobileEnabled: false
passwordFieldLabel: ""
secondFactorAuth: ~
signInLabel: ""
usernameFieldLabel: ""
- displayName: ""
enabled: false
id: rsa
logoffUrl: /WebID/IISWebAgentIF.dll?logoff?referrer=/passwordvault
mobileEnabled: false
passwordFieldLabel: ""
secondFactorAuth: ~
signInLabel: ""
usernameFieldLabel: ""
- displayName: Duo (RADIUS)
enabled: true
id: radius
logoffUrl: ""
mobileEnabled: true
passwordFieldLabel: ""
secondFactorAuth: radius
signInLabel: ""
usernameFieldLabel: ""
- displayName: ""
enabled: true
id: ldap
logoffUrl: ""
mobileEnabled: true
passwordFieldLabel: ""
secondFactorAuth: ~
signInLabel: ""
usernameFieldLabel: ""
- displayName: IDaptive SAML
enabled: true
id: saml
logoffUrl: "https://tentantid.my.idaptive.app/applogout/appkey/acredacted/customerid/redacted"
mobileEnabled: false
passwordFieldLabel: ""
secondFactorAuth: ~
signInLabel: ""
usernameFieldLabel: ""
examples:
200 OK:
value:
Methods:
- displayName: ""
enabled: false
id: windows
logoffUrl: ""
mobileEnabled: false
passwordFieldLabel: ""
secondFactorAuth: ~
signInLabel: ""
usernameFieldLabel: ""
- displayName: ""
enabled: false
id: pki
logoffUrl: ""
mobileEnabled: false
passwordFieldLabel: ""
secondFactorAuth: ~
signInLabel: ""
usernameFieldLabel: ""
- displayName: ""
enabled: true
id: cyberark
logoffUrl: ""
mobileEnabled: true
passwordFieldLabel: ""
secondFactorAuth: cyberark
signInLabel: ""
usernameFieldLabel: ""
- displayName: ""
enabled: false
id: oraclesso
logoffUrl: "http://[ssoserver]:7777/sso/logout?p_done_url=http://[iisserver]/PasswordVault"
mobileEnabled: false
passwordFieldLabel: ""
secondFactorAuth: ~
signInLabel: ""
usernameFieldLabel: ""
- displayName: ""
enabled: false
id: rsa
logoffUrl: /WebID/IISWebAgentIF.dll?logoff?referrer=/passwordvault
mobileEnabled: false
passwordFieldLabel: ""
secondFactorAuth: ~
signInLabel: ""
usernameFieldLabel: ""
- displayName: Duo (RADIUS)
enabled: true
id: radius
logoffUrl: ""
mobileEnabled: true
passwordFieldLabel: ""
secondFactorAuth: radius
signInLabel: ""
usernameFieldLabel: ""
- displayName: ""
enabled: true
id: ldap
logoffUrl: ""
mobileEnabled: true
passwordFieldLabel: ""
secondFactorAuth: ~
signInLabel: ""
usernameFieldLabel: ""
- displayName: IDaptive SAML
enabled: true
id: saml
logoffUrl: "https://tentantid.my.idaptive.app/applogout/appkey/acredacted/customerid/redacted"
mobileEnabled: false
passwordFieldLabel: ""
secondFactorAuth: ~
signInLabel: ""
usernameFieldLabel: ""
post:
tags:
- Authentication
- Authentication Methods Config
summary: Add Authentication Method
description: This method adds a new authentication method. Any user who is a member of the Vault Admins group can run this web service.
operationId: addAuthenticationMethod
requestBody:
content:
application/json:
schema:
type: object
properties:
displayName:
type: string
example: IDaptive SAML
enabled:
type: boolean
example: true
id:
type: string
example: saml
logoffUrl:
type: string
example: "https://domain.com/idp/logoff"
mobileEnabled:
type: boolean
example: false
passwordFieldLabel:
type: string
example: ""
secondFactorAuth:
nullable: true
example: ~
signInLabel:
type: string
example: ""
usernameFieldLabel:
type: string
example: ""
example:
displayName: IDaptive SAML
enabled: true
id: saml
logoffUrl: "https://domain.com/idp/logoff"
mobileEnabled: false
passwordFieldLabel: ""
secondFactorAuth: ~
signInLabel: ""
usernameFieldLabel: ""
responses:
"200":
description: ""
"/PasswordVault/api/Configuration/AuthenticationMethods/{authID}":
get:
tags:
- Authentication
- Authentication Methods Config
summary: Get Specific Authentication Method
description: This method returns a specific authentication method. Any user who is a member of the Vault Admins group can run this web service.
operationId: getSpecificAuthenticationMethod
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache,no-store, no-cache, must-revalidate"
Content-Length:
schema:
type: string
example: "288"
Date:
schema:
type: string
example: "Thu, 24 Sep 2020 00:45:20 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: "no-cache,no-cache"
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; SameSite=None; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
displayName:
type: string
example: IDaptive SAML
enabled:
type: boolean
example: true
id:
type: string
example: saml
logoffUrl:
type: string
example: "https://tenantid.my.idaptive.app/applogout/appkey/acredacted/customerid/redacted"
mobileEnabled:
type: boolean
example: false
passwordFieldLabel:
type: string
example: ""
secondFactorAuth:
nullable: true
example: ~
signInLabel:
type: string
example: ""
usernameFieldLabel:
type: string
example: ""
examples:
200 OK:
value:
displayName: IDaptive SAML
enabled: true
id: saml
logoffUrl: "https://tenantid.my.idaptive.app/applogout/appkey/acredacted/customerid/redacted"
mobileEnabled: false
passwordFieldLabel: ""
secondFactorAuth: ~
signInLabel: ""
usernameFieldLabel: ""
put:
tags:
- Authentication
- Authentication Methods Config
summary: Update Authentication Method
description: This method updates the properties for a specific authentication method. Any user who is a member of the Vault Admins group can run this web service.
operationId: updateAuthenticationMethod
requestBody:
content:
application/json:
schema:
type: object
properties:
displayName:
type: string
example: ""
enabled:
type: boolean
example: true
logoffUrl:
type: string
example: "https://domain.com/idp/logoff"
mobileEnabled:
type: boolean
example: false
passwordFieldLabel:
type: string
example: ""
secondFactorAuth:
nullable: true
example: ~
signInLabel:
type: string
example: ""
usernameFieldLabel:
type: string
example: ""
example:
displayName: ""
enabled: true
logoffUrl: "https://domain.com/idp/logoff"
mobileEnabled: false
passwordFieldLabel: ""
secondFactorAuth: ~
signInLabel: ""
usernameFieldLabel: ""
responses:
"200":
description: ""
parameters:
- name: authID
in: path
required: true
schema:
type: string
/PasswordVault/api/Configuration/LDAP/Directories:
get:
tags:
- LDAP Integration
- LDAP Directories
summary: Get Directories
description: "This method returns a list of existing directories in the Vault. Each directory will be returned with its own data.\n\nTo run this web service, the user must be a member of the Vault Admins group."
operationId: getDirectories
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "80"
Date:
schema:
type: string
example: "Sun, 11 Nov 2018 21:24:35 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: array
items:
type: object
properties:
DomainBaseContext:
type: string
example: "DC=cyberarkdemo,DC=com"
DomainName:
type: string
example: cyberarkdemo.com
example:
- DomainBaseContext: "DC=cyberarkdemo,DC=com"
DomainName: cyberarkdemo.com
examples:
200 OK:
value:
- DomainBaseContext: "DC=cyberarkdemo,DC=com"
DomainName: cyberarkdemo.com
post:
tags:
- LDAP Integration
- LDAP Directories
summary: Create Directory
description: "This method creates a directory in the Vault. Any user who is a member of the Vault Admins group can run this web service.\n\nCreating a new directory in the Vault sets up an automated process that obtains user identification and security information via LDAP, and that automatically provisions Vault users based on the external user account, group membership, and attributes."
operationId: createDirectory
requestBody:
content:
application/json:
schema:
type: object
properties:
BindPassword:
type: string
example: string
BindUsername:
type: string
example: string
DirectoryType:
type: string
example: MicrosoftADProfile.ini
DomainBaseContext:
type: string
example: string
DomainName:
type: string
example: string
HostAddresses:
type: array
items:
type: string
example: string
example:
- string
Port:
type: number
example: 389
example:
BindPassword: string
BindUsername: string
DirectoryType: MicrosoftADProfile.ini
DomainBaseContext: string
DomainName: string
HostAddresses:
- string
Port: 389
responses:
"201":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "829"
Date:
schema:
type: string
example: "Fri, 14 Dec 2018 19:51:00 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
AdditionalQueryFilterOptimize:
type: boolean
example: false
AppendFriendlyDomainNameToGroup:
type: boolean
example: false
Authentication:
type: boolean
example: false
BindPassword:
type: string
example: Cyberark1
BindUsername:
type: string
example: Svc_PAS_ADBind
ClientBrowsing:
type: boolean
example: false
DCList:
nullable: true
example: ~
DirectoryType:
type: string
example: MicrosoftADProfile.ini
DisablePaging:
type: boolean
example: false
DisableUserEnumeration:
type: boolean
example: false
DomainBaseContext:
type: string
example: "DC=cyberarkdemo,DC=com"
DomainName:
type: string
example: cyberarkdemo.com
ExternalObjectCreation:
type: boolean
example: false
HostAddresses:
type: array
items:
type: string
example: 192.168.3.50
example:
- 192.168.3.50
LDAPDirectoryDescription:
nullable: true
example: ~
LDAPDirectoryGroupBaseContext:
nullable: true
example: ~
LDAPDirectoryName:
nullable: true
example: ~
LDAPDirectoryQueryOrder:
type: number
example: 0
LDAPDirectoryUsage:
nullable: true
example: ~
PasswordObjectPath:
nullable: true
example: ~
Port:
type: number
example: 389
ProvisionDisabledUsers:
type: boolean
example: false
ReferralsChasingHopLimit:
type: number
example: 0
ReferralsDNSLookup:
type: boolean
example: false
RequireReferredDirectoryDefinition:
type: boolean
example: false
SSLConnect:
type: boolean
example: false
UseLDAPCertificatesOnly:
type: boolean
example: false
VaultObjectNamesPrefix:
nullable: true
example: ~
examples:
200 OK:
value:
AdditionalQueryFilterOptimize: false
AppendFriendlyDomainNameToGroup: false
Authentication: false
BindPassword: Cyberark1
BindUsername: Svc_PAS_ADBind
ClientBrowsing: false
DCList: ~
DirectoryType: MicrosoftADProfile.ini
DisablePaging: false
DisableUserEnumeration: false
DomainBaseContext: "DC=cyberarkdemo,DC=com"
DomainName: cyberarkdemo.com
ExternalObjectCreation: false
HostAddresses:
- 192.168.3.50
LDAPDirectoryDescription: ~
LDAPDirectoryGroupBaseContext: ~
LDAPDirectoryName: ~
LDAPDirectoryQueryOrder: 0
LDAPDirectoryUsage: ~
PasswordObjectPath: ~
Port: 389
ProvisionDisabledUsers: false
ReferralsChasingHopLimit: 0
ReferralsDNSLookup: false
RequireReferredDirectoryDefinition: false
SSLConnect: false
UseLDAPCertificatesOnly: false
VaultObjectNamesPrefix: ~
"/PasswordVault/api/Configuration/LDAP/Directories/{DirectoryUID}/Mappings":
get:
tags:
- LDAP Integration
- LDAP Mappings
summary: Get Directory Mapping List
description: "This method returns a list of existing directory mappings in the Vault.\n\nTo run this web service, the user must be a member of the Vault Admins group and have the following permissions:\n\n* Manage Directory Mapping"
operationId: getDirectoryMappingList
responses:
"200":
description: ""
post:
tags:
- LDAP Integration
- LDAP Mappings
summary: Create Directory Mapping
description: "This method creates a directory mapping in the Vault.\n\nTo run this web service, the user must be a member of the Vault Admins group and have the following permissions:\n\n* Audit Users\n* Add/Update users\n* Manage Directory Mapping"
operationId: createDirectoryMapping
requestBody:
content:
application/json:
schema:
type: object
properties:
DomainGroups:
type: array
items:
type: string
example: TestDomainGroup
example:
- TestDomainGroup
LDAPBranch:
type: string
example: "OU=Test,DC=cyberarkdemo,DC=com"
MappingAuthorizations:
type: array
items:
type: number
example: 1
example:
- 1
MappingName:
type: string
example: Test
example:
DomainGroups:
- TestDomainGroup
LDAPBranch: "OU=Test,DC=cyberarkdemo,DC=com"
MappingAuthorizations:
- 1
MappingName: Test
responses:
"200":
description: ""
parameters:
- name: DirectoryUID
in: path
required: true
schema:
type: string
"/PasswordVault/api/Configuration/LDAP/Directories/{DirectoryUID}/Mappings/Reorder":
post:
tags:
- LDAP Integration
- LDAP Mappings
summary: Reorder Directory Mappings
description: "This method modifies the order of all mappings that belong to a certain directory.\n\nModifying the order of the mappings changes their priority.\n\nTo run this Web service, you must be a member of the Vault Admins group and have the following permissions:\n\n* Audit users\n* Add/Update users\n* Manage Directory mappings"
operationId: reorderDirectoryMappings
requestBody:
content:
text/plain:
schema:
type: string
example: "{\n\t\"MappingsOrder\": [ <mapping id 1>, <mapping id 2>, ..., <mapping id N> ]\n}"
responses:
"200":
description: ""
parameters:
- name: DirectoryUID
in: path
required: true
schema:
type: string
"/PasswordVault/api/Configuration/LDAP/Directories/{DirectoryUID}/Mappings/{MappingID}":
get:
tags:
- LDAP Integration
- LDAP Mappings
summary: Get Mapping Details
description: "This method returns all the details of a specific directory mapping that is defined in the Vault.\n\nTo run this web service, the user must be a member of the Vault Admins group and have the following permissions:\n\n* Add/Update users\n* Manage Directory Mapping"
operationId: getMappingDetails
responses:
"200":
description: ""
put:
tags:
- LDAP Integration
- LDAP Mappings
summary: Edit Directory Mapping
description: "This method edits an existing directory mapping.\n\nTo run this web service, the user must be a member of the Vault Admins group and have the following permissions:\n\n* Audit users\n* Add/Update users\n* Manage Directory Mapping"
operationId: editDirectoryMapping
requestBody:
content:
application/json:
schema:
type: object
properties:
AuthenticationMethod:
type: array
items:
type: string
example: AuthTypePass
example:
- AuthTypePass
DirectoryMappingOrder:
type: number
example: 0
DisableUser:
type: boolean
example: true
DomainGroups:
type: array
items:
type: string
example: string
example:
- string
LDAPBranch:
type: string
example: string
LDAPQuery:
type: string
example: string
Location:
type: string
example: string
LogonFromHour:
type: number
example: 0
LogonToHour:
type: number
example: 0
MappingAuthorizations:
type: array
items:
type: string
example: AddUpdateUsers
example:
- AddUpdateUsers
MappingID:
type: number
example: 0
MappingName:
type: string
example: string
UserActivityLogPeriod:
type: number
example: 0
UserExpiration:
type: number
example: 0
UserType:
type: string
example: string
VaultGroups:
type: array
items:
type: string
example: string
example:
- string
example:
AuthenticationMethod:
- AuthTypePass
DirectoryMappingOrder: 0
DisableUser: true
DomainGroups:
- string
LDAPBranch: string
LDAPQuery: string
Location: string
LogonFromHour: 0
LogonToHour: 0
MappingAuthorizations:
- AddUpdateUsers
MappingID: 0
MappingName: string
UserActivityLogPeriod: 0
UserExpiration: 0
UserType: string
VaultGroups:
- string
responses:
"200":
description: ""
delete:
tags:
- LDAP Integration
- LDAP Mappings
summary: Delete Directory Mapping
description: "This method deletes a specific directory mapping.\n\nTo run this method you must:\n\n* Be a member of the Vault Admins group and have the Manage Directory Mapping authorization.\n* Have at least all the authorizations that the mapping has.\n\n**Note:** After a mapping is deleted, LDAP users that were created in the Vault and are mapped to this mapping are automatically deleted from the Vault during the next periodic LDAP sync. For details, see [Synchronize External Users and Groups in the Vault with the External Directory](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PAS%20INST/Synchronizing-External-Users-and-Groups-in-the-Vault-with-the-External-Directory.htm)."
operationId: deleteDirectoryMapping
requestBody:
content:
text/plain:
schema:
type: string
example: ""
responses:
"200":
description: ""
parameters:
- name: DirectoryUID
in: path
required: true
schema:
type: string
- name: MappingID
in: path
required: true
schema:
type: string
"/PasswordVault/api/Configuration/LDAP/Directories/{LDAPID}":
delete:
tags:
- LDAP Integration
- LDAP Directories
summary: Delete Directory
description: "This method deletes a specific directory configuration in the Vault and its mappings.\n\nTo run this web service, the user must be a member of the Vault Admins group and have the following permissions:\n\n* Audit users\n* Add/Update users\n* Manage Directory mappings\n* Add Safes\n* Reset Users' Passwords\n* Activate Users\n* Add Network Areas\n* Manage Server File Categories\n* Backup All Safes\n* Restore All Safes\n\n**Caution:** After a mapping has been deleted, all LDAP users that were created in the Vault and are mapped to that mapping will be automatically deleted in the Vault during the next periodic LDAP synchronization."
operationId: deleteDirectory
responses:
"200":
description: ""
parameters:
- name: LDAPID
in: path
required: true
schema:
type: string
"/PasswordVault/api/Configuration/LDAP/Directories/{LDAPID}/":
get:
tags:
- LDAP Integration
- LDAP Directories
summary: Get Directory Details
description: "This method returns all the details of a specific directory in the Vault. Each directory will be returned with its own data.\n\nTo run this web service, the user must be a member of the Vault Admins group and have the following permission:\n\n* Audit Users"
operationId: getDirectoryDetails
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "926"
Date:
schema:
type: string
example: "Wed, 21 Nov 2018 02:20:16 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
AdditionalQueryFilterOptimize:
type: boolean
example: true
AppendFriendlyDomainNameToGroup:
type: boolean
example: false
Authentication:
type: boolean
example: true
BindPassword:
type: string
example: ""
BindUsername:
type: string
example: Svc_CyberArkLDAPBind
ClientBrowsing:
type: boolean
example: true
DCList:
type: array
items:
type: object
properties:
Name:
type: string
example: 192.168.3.100
Port:
type: number
example: 389
SSLConnect:
type: boolean
example: false
example:
- Name: 192.168.3.100
Port: 389
SSLConnect: false
DirectoryType:
type: string
example: MicrosoftADProfile.ini
DisablePaging:
type: boolean
example: false
DisableUserEnumeration:
type: boolean
example: false
DomainBaseContext:
type: string
example: "DC=cyberarkdemo,DC=com"
DomainName:
type: string
example: ""
ExternalObjectCreation:
type: boolean
example: true
LDAPDirectoryDescription:
type: string
example: ""
LDAPDirectoryGroupBaseContext:
type: string
example: "DC=cyberarkdemo,DC=com"
LDAPDirectoryName:
type: string
example: cyberarkdemo.com
LDAPDirectoryQueryOrder:
type: number
example: 1
LDAPDirectoryUsage:
type: array
items:
type: string
example: ExternalObjectCreation
example:
- ExternalObjectCreation
- ClientBrowsing
- Authentication
PasswordObjectPath:
type: string
example: "root\\cyberarkdemo.com.pass"
ProvisionDisabledUsers:
type: boolean
example: false
ReferralsChasingHopLimit:
type: number
example: -1
ReferralsDNSLookup:
type: boolean
example: false
RequireReferredDirectoryDefinition:
type: boolean
example: false
SSLConnect:
type: boolean
example: false
UseLDAPCertificatesOnly:
type: boolean
example: false
VaultObjectNamesPrefix:
type: string
example: ""
examples:
200 OK:
value:
AdditionalQueryFilterOptimize: true
AppendFriendlyDomainNameToGroup: false
Authentication: true
BindPassword: ""
BindUsername: Svc_CyberArkLDAPBind
ClientBrowsing: true
DCList:
- Name: 192.168.3.100
Port: 389
SSLConnect: false
DirectoryType: MicrosoftADProfile.ini
DisablePaging: false
DisableUserEnumeration: false
DomainBaseContext: "DC=cyberarkdemo,DC=com"
DomainName: ""
ExternalObjectCreation: true
LDAPDirectoryDescription: ""
LDAPDirectoryGroupBaseContext: "DC=cyberarkdemo,DC=com"
LDAPDirectoryName: cyberarkdemo.com
LDAPDirectoryQueryOrder: 1
LDAPDirectoryUsage:
- ExternalObjectCreation
- ClientBrowsing
- Authentication
PasswordObjectPath: "root\\cyberarkdemo.com.pass"
ProvisionDisabledUsers: false
ReferralsChasingHopLimit: -1
ReferralsDNSLookup: false
RequireReferredDirectoryDefinition: false
SSLConnect: false
UseLDAPCertificatesOnly: false
VaultObjectNamesPrefix: ""
parameters:
- name: LDAPID
in: path
required: true
schema:
type: string
/PasswordVault/api/DiscoveredAccounts:
post:
tags:
- Accounts
- Discovered Accounts
- v1 API12
summary: Add Discovered Accounts (v10.5-v10.7)
description: "This RPC service adds newly discovered accounts.\n\nThe discovered account is onboarded according to matching onboarding rules or added directly to the Pending Accounts list.\n\nIf the account already exists in the Pending Account list, it will be updated as needed.\n\nIf onboarding failed for any reason, the account will be added to the Pending Accounts list.\n\nThe user who runs this web service requires the following users and permissions:\n\nTo add pending accounts:\n\n* **User:** Owner of PasswordManager_Pending Safe\n* **Permissions:**\n * Add account\n * Update account properties\n\nTo onboard the account:\n\n* **User:** Owner of the target Safe of the onboarding rule.\n* **Permissions:**\n * Add account\n * Update account properties\n * Initiate CPM account management operations"
operationId: addDiscoveredAccountsV105V107
requestBody:
content:
application/json:
schema:
type: object
properties:
OrganizationalUnit:
type: string
example: "CN=WINSERVER, OU=QA testing,DC=IT,DC=com"
accountEnabled:
type: boolean
example: true
additionalProperties:
type: object
properties:
Port:
type: number
example: 445
UserDN:
type: string
example: "CN=user1,CN=Users,DC=example,DC=com"
address:
type: string
example: win8.IT.com
description:
type: string
example: User Description
domain:
type: string
example: MyDomain.com
lastLogonDateTime:
type: string
example: "1530635686"
lastPasswordSetDateTime:
type: string
example: "1530635686"
osFamily:
type: string
example: Server
osGroups:
type: string
example: "Backup Operators,IIS_IUSRS,Network Configuration Operators"
osVersion:
type: string
example: Windows Server 2012 R2 Standard
passwordExpirationDateTime:
type: string
example: "1530635686"
passwordNeverExpires:
type: boolean
example: false
platformType:
type: string
example: Windows Server Local
platformTypeAccountProperties:
type: object
properties:
SID:
type: string
example: S-1-5-21-304654729-3147011263-1431158397-3154
privileged:
type: boolean
example: false
userDisplayName:
type: string
example: User Display Name
userName:
type: string
example: user_dd
example:
OrganizationalUnit: "CN=WINSERVER, OU=QA testing,DC=IT,DC=com"
accountEnabled: true
additionalProperties:
Port: 445
UserDN: "CN=user1,CN=Users,DC=example,DC=com"
address: win8.IT.com
description: User Description
domain: MyDomain.com
lastLogonDateTime: "1530635686"
lastPasswordSetDateTime: "1530635686"
osFamily: Server
osGroups: "Backup Operators,IIS_IUSRS,Network Configuration Operators"
osVersion: Windows Server 2012 R2 Standard
passwordExpirationDateTime: "1530635686"
passwordNeverExpires: false
platformType: Windows Server Local
platformTypeAccountProperties:
SID: S-1-5-21-304654729-3147011263-1431158397-3154
privileged: false
userDisplayName: User Display Name
userName: user_dd
responses:
"200":
description: ""
"/PasswordVault/api/LiveSessions/{LiveSessionID}/Monitor":
get:
tags:
- Monitor Sessions
- Session Actions
summary: Monitor a Live Session
description: "This method enables you to monitor an active PSM session using a connection method defined in the PVWA. For details on configuration, see [Active session monitoring settings](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Configuring-Live-Session-Monitoring.htm#ActiveSessionMonitoringSettings).\n\nA response header defines which connection method is returned.\n\nFor details, see [Privileged Session Management Interface](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Configuring-the-Privileged-Session-Management-Interface.htm)."
operationId: monitorALiveSession
responses:
"200":
description: ""
parameters:
- name: LiveSessionID
in: path
required: true
schema:
type: string
"/PasswordVault/api/Platforms/{PlatformName}/Safes":
get:
tags:
- Safes
summary: Get Safe by Platform ID
description: This method returns all the safes according to the platform ID.
operationId: getSafeByPlatformId
responses:
"200":
description: ""
parameters:
- name: PlatformName
in: path
required: true
schema:
type: string
/PasswordVault/api/Safes:
get:
tags:
- Safes
- v2 API1234
summary: List Safes
description: This method returns information about all of the user’s Safes in the Vault.
operationId: listSafes
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "4385"
Date:
schema:
type: string
example: "Sun, 11 Nov 2018 21:15:54 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
GetSafesResult:
type: array
items:
type: object
properties:
Description:
type: string
nullable: true
example: ~
ManagingCPM:
type: string
example: PasswordManagerNG
NumberOfDaysRetention:
nullable: true
example: ~
NumberOfVersionsRetention:
type: number
example: 0
OLACEnabled:
type: boolean
example: false
SafeName:
type: string
example: AccountsFeedADAccounts
example:
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: AccountsFeedADAccounts
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: AccountsFeedDiscoveryLogs
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: D-CYBR-RESTAPI-ACCTS
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: D-LIN-ADMIN-USERS
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: D-LIN-ROOT-SSHKEYS
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: D-MYSQL-LOCAL-USERS
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: D-QUALYS-ACCTS
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: D-TENABLE-ACCTS
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: D-TEST-SAFE
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: Notification Engine
- Description: ""
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: P-WIN-LOCAL-ADMIN
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PasswordManager
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PasswordManager_Info
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PasswordManager_Pending
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PasswordManagerNG
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PasswordManagerNG_Info
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PasswordManagerShared
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PSMPADBridgeCustom
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: true
SafeName: PSMPADBUserProfile
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PSMUniversalConnectors
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: true
SafeName: PSMUnmanagedSessionAccounts
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PVWAConfig
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PVWAPublicData
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: true
SafeName: PVWAReports
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: true
SafeName: PVWATaskDefinitions
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PVWATicketingSystem
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PVWAUserPrefs
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: VaultInternal
examples:
200 OK:
value:
GetSafesResult:
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: AccountsFeedADAccounts
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: AccountsFeedDiscoveryLogs
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: D-CYBR-RESTAPI-ACCTS
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: D-LIN-ADMIN-USERS
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: D-LIN-ROOT-SSHKEYS
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: D-MYSQL-LOCAL-USERS
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: D-QUALYS-ACCTS
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: D-TENABLE-ACCTS
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: D-TEST-SAFE
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: Notification Engine
- Description: ""
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: P-WIN-LOCAL-ADMIN
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PasswordManager
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PasswordManager_Info
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PasswordManager_Pending
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PasswordManagerNG
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PasswordManagerNG_Info
- Description: ~
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PasswordManagerShared
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PSMPADBridgeCustom
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: true
SafeName: PSMPADBUserProfile
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PSMUniversalConnectors
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: true
SafeName: PSMUnmanagedSessionAccounts
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PVWAConfig
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PVWAPublicData
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: true
SafeName: PVWAReports
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: true
SafeName: PVWATaskDefinitions
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PVWATicketingSystem
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: PVWAUserPrefs
- Description: ~
ManagingCPM: ""
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 0
OLACEnabled: false
SafeName: VaultInternal
"/PasswordVault/api/Safes/{Safe}":
get:
tags:
- Safes
- v2 API1234
summary: Get Safe Details
description: This method returns information about a specific Safe in the Vault.
operationId: getSafeDetails
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "180"
Date:
schema:
type: string
example: "Sun, 11 Nov 2018 21:16:41 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
GetSafeResult:
type: object
properties:
Description:
type: string
example: ""
ManagingCPM:
type: string
example: PasswordManagerNG
NumberOfDaysRetention:
nullable: true
example: ~
NumberOfVersionsRetention:
type: number
example: 5
OLACEnabled:
type: boolean
example: false
SafeName:
type: string
example: P-WIN-LOCAL-ADMIN
examples:
200 OK:
value:
GetSafeResult:
Description: ""
ManagingCPM: PasswordManagerNG
NumberOfDaysRetention: ~
NumberOfVersionsRetention: 5
OLACEnabled: false
SafeName: P-WIN-LOCAL-ADMIN
parameters:
- name: Safe
in: path
required: true
schema:
type: string
/PasswordVault/api/UserGroups:
get:
tags:
- User Management
- Groups
- v2 API123456
summary: Get Groups
description: "This method returns a list of all existing user groups.\n\nThe user performing this task:\n\n* Must have **Audit users** permissions in the Safe.\n* Can see groups either **only** on the **same** level, or **lower** in the Vault hierarchy.\n\nThis depends on the HideVaultUsersTree parameter defined in the dbparam.ini. If HideVaultUsersTree is set to **No**, all groups will be returned (not only those in the same level or lower in the Vault hierarchy). If this parameter is set to **Yes**, only auditors and managers will be allowed to get all groups.\n \t\n**Note:**\n* Filtering for this task is supported only from Vault v10.5.\n* Retrieving more than 1,000 groups may cause a slowdown in response."
operationId: getGroups
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache, no-store, must-revalidate"
Content-Length:
schema:
type: string
example: "1831"
Date:
schema:
type: string
example: "Sun, 11 Nov 2018 21:23:56 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: no-cache
Server:
schema:
type: string
example: Microsoft-IIS/10.0
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
count:
type: number
example: 16
value:
type: array
items:
type: object
properties:
description:
type: string
example: ""
directory:
type: string
example: cyberarkdemo.com
dn:
type: string
example: "CN=CyberArk Vault Admins,OU=Groups,OU=CyberArk,DC=cyberarkdemo,DC=com"
groupName:
type: string
example: CyberArk Vault Admins
groupType:
type: string
example: Directory
id:
type: number
example: 26
location:
type: string
example: "\\"
example:
- description: ""
directory: cyberarkdemo.com
dn: "CN=CyberArk Vault Admins,OU=Groups,OU=CyberArk,DC=cyberarkdemo,DC=com"
groupName: CyberArk Vault Admins
groupType: Directory
id: 26
location: "\\"
- description: ""
directory: cyberarkdemo.com
dn: "CN=CyberArk Auditors,OU=Groups,OU=CyberArk,DC=cyberarkdemo,DC=com"
groupName: CyberArk Auditors
groupType: Directory
id: 27
location: "\\"
- description: Auditors group
groupName: Auditors
groupType: Vault
id: 8
location: "\\"
- description: Notification Engines group
groupName: Notification Engines
groupType: Vault
id: 12
location: "\\"
- description: ""
groupName: PVWAMonitor
groupType: Vault
id: 18
location: "\\"
- description: ""
groupName: PVWAUsers
groupType: Vault
id: 19
location: "\\"
- description: ""
groupName: PVWAGWAccounts
groupType: Vault
id: 20
location: "\\"
- description: ""
groupName: PVWAAppUsers
groupType: Vault
id: 21
location: "\\"
- description: ""
groupName: PSMMaster
groupType: Vault
id: 40
location: "\\"
- description: ""
groupName: PSMAppUsers
groupType: Vault
id: 41
location: "\\"
- description: ""
groupName: PSMP_ADB_AppUsers
groupType: Vault
id: 43
location: "\\"
- description: ""
groupName: PSMLiveSessionTerminators
groupType: Vault
id: 48
location: "\\"
- description: Backup users group
groupName: Backup Users
groupType: Vault
id: 7
location: "\\System"
- description: Operators group
groupName: Operators
groupType: Vault
id: 9
location: "\\System"
- description: DR users group
groupName: DR Users
groupType: Vault
id: 10
location: "\\System"
- description: Vault Admins group
groupName: Vault Admins
groupType: Vault
id: 11
location: "\\System"
examples:
200 OK:
value:
count: 16
value:
- description: ""
directory: cyberarkdemo.com
dn: "CN=CyberArk Vault Admins,OU=Groups,OU=CyberArk,DC=cyberarkdemo,DC=com"
groupName: CyberArk Vault Admins
groupType: Directory
id: 26
location: "\\"
- description: ""
directory: cyberarkdemo.com
dn: "CN=CyberArk Auditors,OU=Groups,OU=CyberArk,DC=cyberarkdemo,DC=com"
groupName: CyberArk Auditors
groupType: Directory
id: 27
location: "\\"
- description: Auditors group
groupName: Auditors
groupType: Vault
id: 8
location: "\\"
- description: Notification Engines group
groupName: Notification Engines
groupType: Vault
id: 12
location: "\\"
- description: ""
groupName: PVWAMonitor
groupType: Vault
id: 18
location: "\\"
- description: ""
groupName: PVWAUsers
groupType: Vault
id: 19
location: "\\"
- description: ""
groupName: PVWAGWAccounts
groupType: Vault
id: 20
location: "\\"
- description: ""
groupName: PVWAAppUsers
groupType: Vault
id: 21
location: "\\"
- description: ""
groupName: PSMMaster
groupType: Vault
id: 40
location: "\\"
- description: ""
groupName: PSMAppUsers
groupType: Vault
id: 41
location: "\\"
- description: ""
groupName: PSMP_ADB_AppUsers
groupType: Vault
id: 43
location: "\\"
- description: ""
groupName: PSMLiveSessionTerminators
groupType: Vault
id: 48
location: "\\"
- description: Backup users group
groupName: Backup Users
groupType: Vault
id: 7
location: "\\System"
- description: Operators group
groupName: Operators
groupType: Vault
id: 9
location: "\\System"
- description: DR users group
groupName: DR Users
groupType: Vault
id: 10
location: "\\System"
- description: Vault Admins group
groupName: Vault Admins
groupType: Vault
id: 11
location: "\\System"
post:
tags:
- User Management
- Groups
- v2 API123456
summary: Create Group
description: "This method adds a new Vault group.\n\nTo run this Web service, you must have the following permissions:\n\n* Add Users\n* Update Users"
operationId: createGroup
requestBody:
content:
application/json:
schema:
type: object
properties:
description:
type: string
example: The users in this group all have the same authorizations
groupName:
type: string
example: unique-group-name
location:
type: string
example: "\\"
example:
description: The users in this group all have the same authorizations
groupName: unique-group-name
location: "\\"
responses:
"200":
description: ""
"/PasswordVault/api/UserGroups/{GroupID}":
delete:
tags:
- User Management
- Groups
- v2 API123456
summary: Delete Group
description: "This method deletes a user group.\n\nIn order to delete a user group, the following authorizations are required:\n\n* Add/Update Users\n"
operationId: deleteGroup
responses:
"200":
description: ""
parameters:
- name: GroupID
in: path
required: true
schema:
type: string
"/PasswordVault/api/UserGroups/{GroupID}/Members/":
post:
tags:
- User Management
- Groups
- v2 API123456
summary: Add User to Group
description: "This method adds a user as a member to an existing Vault group. This is relevant for regular Vault users, LDAP mapped groups or LDAP users.\n\nThe user who runs this web service requires the **Add/Update users** permissions in the Vault."
operationId: addUserToGroup
requestBody:
content:
application/json:
schema:
type: object
properties:
domainName:
type: string
example: string
memberId:
type: string
example: string
memberType:
type: string
example: Vault
example:
domainName: string
memberId: string
memberType: Vault
responses:
"200":
description: ""
parameters:
- name: GroupID
in: path
required: true
schema:
type: string
"/PasswordVault/api/UserGroups/{GroupID}/Members/{Member}":
delete:
tags:
- User Management
- Groups
- v2 API123456
summary: Remove User from Group
description: This method removes a specific user from a user group in the Vault.
operationId: removeUserFromGroup
responses:
"200":
description: ""
parameters:
- name: GroupID
in: path
required: true
schema:
type: string
- name: Member
in: path
required: true
schema:
type: string
/PasswordVault/api/Users:
get:
tags:
- User Management
- Users
- v2 API12345
summary: Get Users
description: "This method returns a list of all existing users in the Vault except for the Master and the Batch built-in users.\n\nTo run this Web service, you must have the following permissions:\n\n* **Audit users**\n\nYou can retrieve only users on the same level as you or lower in the Vault hierarchy.\n\n**Note:** This Web service returns up to 6000 users in up to 20 seconds. If the number of users is higher, the response time may be higher."
operationId: getUsers
requestBody:
content:
application/json:
schema:
type: object
properties:
filter:
type: string
example: userType or componentUser
search:
type: string
example: "username, first name, or last name"
example:
filter: userType or componentUser
search: "username, first name, or last name"
responses:
"200":
description: ""
post:
tags:
- User Management
- Users
- v2 API12345
summary: Add User
description: "This method adds a new user to the Vault.\n\nTo run this Web service, you must have the following permissions:\n\n* Add Users\n* Update Users"
operationId: addUser
requestBody:
content:
application/json:
schema:
type: object
properties:
authenticationMethod:
type: array
items:
type: string
example: AuthTypePass
example:
- AuthTypePass
businessAddress:
type: object
properties:
workCity:
type: string
example: Petah Tikva
workCountry:
type: string
example: Israel
workState:
type: string
example: Israel
workStreet:
type: string
example: Hapssagot 9
workZip:
type: string
example: "9999999"
changePassOnNextLogon:
type: boolean
example: true
description:
type: string
example: This user is privileged
distinguishedName:
type: string
example: newUser@cyberark
enableUser:
type: boolean
example: true
expiryDate:
type: number
example: 1577836800
initialPassword:
type: string
example: 123Cyber
internet:
type: object
properties:
businessEmail:
type: string
example: user@cyberark.com
homeEmail:
type: string
example: user@gmail.com
homePage:
type: string
example: Cyberark.com
otherEmail:
type: string
example: user2@gmail.com
location:
type: string
example: "\\"
passwordNeverExpires:
type: boolean
example: true
personalDetails:
type: object
properties:
city:
type: string
example: Tel Aviv
country:
type: string
example: Israel
department:
type: string
example: R&D
firstName:
type: string
example: John
lastName:
type: string
example: Smith
middleName:
type: string
example: Doe
organization:
type: string
example: Cyber ark
profession:
type: string
example: software development
state:
type: string
example: Israel
street:
type: string
example: Dizzengof 56
title:
type: string
example: Mr. VIP
zip:
type: string
example: "123456"
phones:
type: object
properties:
businessNumber:
type: string
example: "555456789"
cellularNumber:
type: string
example: "555789789"
faxNumber:
type: string
example: "999999"
homeNumber:
type: string
example: "555123456"
pagerNumber:
type: string
example: "111111"
unAuthorizedInterfaces:
type: array
items:
type: string
example: PSM
example:
- PSM
- PSMP
userType:
type: string
example: EPVUser
username:
type: string
example: newUser
vaultAuthorization:
type: array
items:
type: string
example: AddSafes
example:
- AddSafes
- AuditUsers
example:
authenticationMethod:
- AuthTypePass
businessAddress:
workCity: Petah Tikva
workCountry: Israel
workState: Israel
workStreet: Hapssagot 9
workZip: "9999999"
changePassOnNextLogon: true
description: This user is privileged
distinguishedName: newUser@cyberark
enableUser: true
expiryDate: 1577836800
initialPassword: 123Cyber
internet:
businessEmail: user@cyberark.com
homeEmail: user@gmail.com
homePage: Cyberark.com
otherEmail: user2@gmail.com
location: "\\"
passwordNeverExpires: true
personalDetails:
city: Tel Aviv
country: Israel
department: R&D
firstName: John
lastName: Smith
middleName: Doe
organization: Cyber ark
profession: software development
state: Israel
street: Dizzengof 56
title: Mr. VIP
zip: "123456"
phones:
businessNumber: "555456789"
cellularNumber: "555789789"
faxNumber: "999999"
homeNumber: "555123456"
pagerNumber: "111111"
unAuthorizedInterfaces:
- PSM
- PSMP
userType: EPVUser
username: newUser
vaultAuthorization:
- AddSafes
- AuditUsers
responses:
"200":
description: ""
"/PasswordVault/api/Users/{UserID}/ResetPassword":
post:
tags:
- User Management
- Users
- v2 API12345
summary: Reset User Password
description: "This method resets an existing Vault user's password.\n\nTo run this Web service, you must have the following permissions:\n\n* **Audit users**\n* **Reset Users' Passwords**\n\nThe user who runs this Web service must be in the same Vault Location or higher as the user whose password is being reset."
operationId: resetUserPassword
requestBody:
content:
application/json:
schema:
type: object
properties:
id:
type: string
example: "<integer>"
newPassword:
type: string
example: "<string>"
example:
id: "<integer>"
newPassword: "<string>"
responses:
"200":
description: ""
parameters:
- name: UserID
in: path
required: true
schema:
type: string
/PasswordVault/api/auth/SAML/Logoff:
post:
tags:
- Authentication
- v2 API123
- SAML Authentication
summary: Logoff
description: This method logs off the user and removes the Vault session. This web service is used to log off when the user authenticated with SAML authentication.
operationId: logoff
responses:
"200":
description: ""
"/PasswordVault/api/recordings/{RecordingsID}/Play":
post:
tags:
- Monitor Sessions
- Recordings
summary: Play Recording
description: This method returns a data stream of a specific recorded session.
operationId: playRecording
requestBody:
content:
text/plain:
schema:
type: string
example: ""
responses:
"200":
description: ""
parameters:
- name: RecordingsID
in: path
required: true
schema:
type: string
/api/getauthtoken:
post:
tags:
- Privileged Threat Analytics (PTA)
summary: Get Authentication Token
description: "This method enables a user to get a token upon Web application authentication. You can use this method to monitor the PTA system health, as shown in [Get PTA replication status](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/PTA_System_Health.htm)."
operationId: getAuthenticationToken
requestBody:
content:
application/form-urlencoded:
schema:
type: object
properties:
password:
type: string
example: "{{apiPassword}}"
username:
type: string
example: "{{apiUsername}}"
example:
password: "{{apiPassword}}"
username: "{{apiUsername}}"
responses:
"200":
description: ""
/api/monitoring:
get:
tags:
- Privileged Threat Analytics (PTA)
summary: Get PTA Replication Status
description: This method returns details about the health of the PTA Server and Application.
operationId: getPtaReplicationStatus
responses:
"200":
description: ""
/installer/api/encryptionkey:
get:
tags:
- Privileged Threat Analytics (PTA)
- PTA Installation
summary: Server Encryption Key
description: "This method generates and returns an RSA encryption key as a base 64 string that is used by the installer for encrypting sensitive fields.\n\nTo encrypt the sensitive fields, encrypt the data value using the RSA algorithm that uses the generated key as the encryption key. Add an **{encrypted}** prefix string to the encrypted value to indicate to the PTA server to decrypt the data."
operationId: serverEncryptionKey
responses:
"200":
description: ""
/installer/api/getauthtoken:
post:
tags:
- Privileged Threat Analytics (PTA)
- PTA Installation
summary: PTA Server Authentication
description: "This method generates a token that enables the user to authenticate to the PTA Server using the machine credentials for the installation process. This method can be run with an encrypted or clear text password. To encrypt the password, see [Get Server encryption key](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/ServerEncryption.htm)."
operationId: ptaServerAuthentication
requestBody:
content:
application/form-urlencoded:
schema:
type: object
properties:
password:
type: string
example: "{{apiPassword}}"
username:
type: string
example: "{{apiUsername}}"
example:
password: "{{apiPassword}}"
username: "{{apiUsername}}"
responses:
"200":
description: ""
/installer/api/installation:
get:
tags:
- Privileged Threat Analytics (PTA)
- PTA Installation
summary: PTA Installation Status
description: This method returns the status of the installation of the PTA server.
operationId: ptaInstallationStatus
responses:
"200":
description: ""
/monitoring/federate:
get:
tags:
- Privileged Threat Analytics (PTA)
summary: Get PTA System Health
description: "This method returns Prometheus monitor metrics about the PTA Server and database. When you run the API for the first time, you are redirected to the PTA Login screen.\n\n1. Log in to the PTA Server using **monitor** as the user and **DiamondMonitor** (case sensitive) as the password. You are then prompted to change the password.\n2. After you change the password, encode the user (**monitor**) and the new password in BASE 64.\n* Enter the data in the format **username:password**.\n* The encoded result is entered in the **Authorization** header parameter in the format **Basic <encoded result>**. _In this Postman collection, we use the **Authorization** tab to automatically do this for us instead._\n\nYou can use Grafana or similar tools to display the results in a user-friendly format."
operationId: getPtaSystemHealth
parameters:
- name: "match[]"
in: query
schema:
type: string
example: "%7Bjob%3D~%22ptaaa_.%2B%22%7D"
description: Job ID(s) to monitor in array
responses:
"200":
description: ""
"/passwordvault/api/Accounts/{AccountID}/SetNextPassword":
post:
tags:
- Accounts
- Account Actions
- v2 API1
summary: "Change Password, Set Next Password"
description: "This method enables users to set the account's credentials to use for the next CPM change.\n\nThe user who runs this web service requires the following permissions in the Safe where the privileged account is stored:\n\n* Initiate CPM password management operations\n* Specify next password value"
operationId: changePasswordSetNextPassword
requestBody:
content:
application/json:
schema:
type: object
properties:
ChangeImmediately:
type: boolean
example: true
NewCredentials:
type: string
example: "<credentials>"
example:
ChangeImmediately: true
NewCredentials: "<credentials>"
responses:
"200":
description: ""
parameters:
- name: AccountID
in: path
required: true
schema:
type: string
/passwordvault/api/Configuration/AccessRestriction/AllowedReferrers:
get:
tags:
- General
summary: Get Allowed Referrer
description: "This method returns the allowed referrer list. This means access is allowed from all URLs in the list, to the PVWA. Any user who is a member of the Vault admins group can run this web service."
operationId: getAllowedReferrer
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache,no-store, no-cache, must-revalidate"
Content-Length:
schema:
type: string
example: "129"
Date:
schema:
type: string
example: "Fri, 25 Sep 2020 15:51:56 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: "no-cache,no-cache"
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; SameSite=None; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: array
items:
type: object
properties:
referrerURL:
type: string
example: /WebID/
regularExpression:
type: boolean
example: false
example:
- referrerURL: /WebID/
regularExpression: false
- referrerURL: "https://tenantid.my.idaptive.app"
regularExpression: false
examples:
200 OK:
value:
- referrerURL: /WebID/
regularExpression: false
- referrerURL: "https://tenantid.my.idaptive.app"
regularExpression: false
post:
tags:
- General
summary: Add Allowed Referrer
description: This method adds a web application URL to the allowed referrer list. This means access is allowed from the URL to the PVWA. Any user who is a member of the Vault admins group can run this web service.
operationId: addAllowedReferrer
requestBody:
content:
application/json:
schema:
type: object
properties:
referrerURL:
type: string
example: "https://CompanyA/portal/"
regularExpression:
type: boolean
example: false
example:
referrerURL: "https://CompanyA/portal/"
regularExpression: false
responses:
"200":
description: ""
/passwordvault/api/DiscoveredAccounts:
get:
tags:
- Accounts
- Discovered Accounts
- v2 API12
summary: Get Discovered Accounts
description: "This method returns a list of all the discovered accounts from the Pending Accounts list. To run this web service, the user must be a member of the Vault admins group.\n \t\n**Note:** Discovered accounts that were onboarded either manually or automatically, according to predefined rules, won't be returned using this method.\n\nFor more information on available filters, please visit [Filter Parameters](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/11.6/en/Content/WebServices/Get-discovered-accounts.htm#filter-parameters) in the CyberArk API Documentation."
operationId: getDiscoveredAccounts
parameters:
- name: filter
in: query
schema:
type: string
example: platformType eq Windows Server Local AND privileged eq true AND accountEnabled eq true
description: "search accounts using platformType, privileged, and/or accountEnabled values"
- name: search
in: query
schema:
type: string
example: admin
description: search is supported for username and address
- name: searchType
in: query
schema:
type: string
example: contains
description: "keyword is contained (contains, DEFAULT) or beginning (startswith)"
- name: offset
in: query
schema:
type: string
example: "0"
description: the offset of the first returned account in the list of results
- name: limit
in: query
schema:
type: string
example: "100"
description: the maximum number of accounts to return (maximum value allowed is 1000)
responses:
"200":
description: ""
"/passwordvault/api/DiscoveredAccounts/{AccountID}":
get:
tags:
- Accounts
- Discovered Accounts
- v2 API12
summary: Get Discovered Account Details
description: "This method returns information about a discovered account and its dependencies from the Pending Accounts list. The discovered account is identified by its ID.\n\nTo run this web service, the user must be a member of the Vault admins group.\n\n**Note:** Discovered accounts that were onboarded either manually or automatically, according to predefined rules, won't be returned using this method."
operationId: getDiscoveredAccountDetails
responses:
"200":
description: ""
parameters:
- name: AccountID
in: path
required: true
schema:
type: string
"/passwordvault/api/Platforms/Targets/{PlatformName}/PrivilegedSessionManagement":
put:
tags:
- Session Management
summary: Update Session Management Policy of Platform
description: This method allows Vault admins to update the PSM Policy Section of a target platform.
operationId: updateSessionManagementPolicyOfPlatform
requestBody:
content:
application/json:
schema:
type: object
properties:
PSMConnectors:
type: array
items:
type: object
properties:
Enabled:
type: boolean
example: false
PSMConnectorID:
type: string
example: PSM-AWSConsoleWithSTS
example:
- Enabled: false
PSMConnectorID: PSM-AWSConsoleWithSTS
- Enabled: true
PSMConnectorID: SSH
PSMServerId:
type: string
example: PSMServer_e7b11b1
PSMServerName:
type: string
example: PSMServer2
example:
PSMConnectors:
- Enabled: false
PSMConnectorID: PSM-AWSConsoleWithSTS
- Enabled: true
PSMConnectorID: SSH
PSMServerId: PSMServer_e7b11b1
PSMServerName: PSMServer2
responses:
"200":
description: ""
parameters:
- name: PlatformName
in: path
required: true
schema:
type: string
/passwordvault/api/bulkactions/accounts:
get:
tags:
- Accounts
- Bulk Upload of Accounts
summary: Get All Bulk Account Uploads for User
description: "This method gets the status of all bulk account uploads that the user performed.\n\n**Note:** Bulk account uploads are returned sorted by their creation time in descending order - from the most recent to the oldest. The bulk account uploads that are returned are ones that a specific user created and has authorization to view."
operationId: getAllBulkAccountUploadsForUser
parameters:
- name: filter
in: query
schema:
type: string
example: ""
description: status - returns all bulk account uploads that meet the required status
- name: limit
in: query
schema:
type: string
example: "50"
description: "number of accounts to return, starting from first account"
responses:
"200":
description: ""
post:
tags:
- Accounts
- Bulk Upload of Accounts
summary: Create Bulk Upload of Accounts
description: "This method allows a developer to add multiple accounts to existing Safes. The response contains the ID of the bulk account upload that was performed.\n \t\n**Note:** This option is only available if you have **Add accounts**, **Update account content**, and **Update account properties** authorization in at least one Safe."
operationId: createBulkUploadOfAccounts
requestBody:
content:
application/json:
schema:
type: object
properties:
accountsList:
type: array
items:
type: object
properties:
address:
type: string
example: 192.0.2.0
groupName:
type: string
example: DomainGroup
platformAccountProperties:
type: object
properties:
port:
type: string
example: "111"
platformId:
type: string
example: WinDomain
remoteMachinesAccess:
type: object
properties:
accessRestrictedToRemoteMachines:
type: boolean
example: true
remoteMachines:
type: string
example: example.com
safeName:
type: string
example: WinDomainSafe
secret:
type: string
example: "123456"
secretManagement:
type: object
properties:
automaticManagementEnabled:
type: boolean
example: true
manualManagementReason:
type: string
example: ""
uploadIndex:
type: string
example: "1"
username:
type: string
example: JohnDoe
example:
- address: 192.0.2.0
groupName: DomainGroup
platformAccountProperties:
port: "111"
platformId: WinDomain
remoteMachinesAccess:
accessRestrictedToRemoteMachines: true
remoteMachines: example.com
safeName: WinDomainSafe
secret: "123456"
secretManagement:
automaticManagementEnabled: true
manualManagementReason: ""
uploadIndex: "1"
username: JohnDoe
- address: 198.51.100.0
groupName: WinGroup
platformAccountProperties:
port: "222"
platformId: WinDesktopLocal
remoteMachinesAccess:
accessRestrictedToRemoteMachines: true
remoteMachines: example.net
safeName: WinUsersSafe
secret: "123456"
secretManagement:
automaticManagementEnabled: true
manualManagementReason: ""
uploadIndex: "2"
username: JaneDoe
source:
type: string
example: filename.csv
example:
accountsList:
- address: 192.0.2.0
groupName: DomainGroup
platformAccountProperties:
port: "111"
platformId: WinDomain
remoteMachinesAccess:
accessRestrictedToRemoteMachines: true
remoteMachines: example.com
safeName: WinDomainSafe
secret: "123456"
secretManagement:
automaticManagementEnabled: true
manualManagementReason: ""
uploadIndex: "1"
username: JohnDoe
- address: 198.51.100.0
groupName: WinGroup
platformAccountProperties:
port: "222"
platformId: WinDesktopLocal
remoteMachinesAccess:
accessRestrictedToRemoteMachines: true
remoteMachines: example.net
safeName: WinUsersSafe
secret: "123456"
secretManagement:
automaticManagementEnabled: true
manualManagementReason: ""
uploadIndex: "2"
username: JaneDoe
source: filename.csv
responses:
"200":
description: ""
"/passwordvault/api/bulkactions/accounts/{BulkID}":
get:
tags:
- Accounts
- Bulk Upload of Accounts
summary: Get Bulk Account Upload Result
description: "This method returns the result of the bulk account upload, which is identified by the ID of the bulk account upload. When the upload has finished, the API returns the result. The result contains a list of all the accounts that succeeded or failed to upload.\n \t\n\n**Note:** Only the user that created the bulk account upload can receive the result of the upload using this API."
operationId: getBulkAccountUploadResult
responses:
"200":
description: ""
parameters:
- name: BulkID
in: path
required: true
schema:
type: string
"/passwordvault/api/platforms/dependent/{PlatformName}/duplicate":
post:
tags:
- Platforms
- Dependent Platforms
summary: Duplicate Dependent Platforms
description: This method allows Vault Admins to duplicate dependent platforms.
operationId: duplicateDependentPlatforms
requestBody:
content:
application/json:
schema:
type: object
properties:
Description:
type: string
example: ""
Name:
type: string
example: test Platform
example:
Description: ""
Name: test Platform
responses:
"200":
description: ""
parameters:
- name: PlatformName
in: path
required: true
schema:
type: string
/passwordvault/api/platforms/dependents:
get:
tags:
- Platforms
- Dependent Platforms
summary: Get Dependent Platforms
description: This method allows Vault Admins to retrieve basic information about all existing dependent platforms.
operationId: getDependentPlatforms
parameters:
- name: search
in: query
schema:
type: string
description: Platform Name
responses:
"200":
description: ""
"/passwordvault/api/platforms/dependents/{PlatformName}":
delete:
tags:
- Platforms
- Dependent Platforms
summary: Delete Dependent Platform
description: This method allows Vault Admins to delete a dependent platform.
operationId: deleteDependentPlatform
responses:
"200":
description: ""
parameters:
- name: PlatformName
in: path
required: true
schema:
type: string
/passwordvault/api/platforms/groups:
get:
tags:
- Platforms
- Group Platforms
summary: Get Group Platforms
description: This method allows Vault Admins to retrieve basic information about all existing group platforms.
operationId: getGroupPlatforms
parameters:
- name: search
in: query
schema:
type: string
example: SSH
description: Platform Name
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache,no-store, no-cache, must-revalidate"
Content-Length:
schema:
type: string
example: "124"
Date:
schema:
type: string
example: "Wed, 30 Sep 2020 13:09:44 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: "no-cache,no-cache"
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; SameSite=None; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
Platforms:
type: array
items:
type: object
properties:
Active:
type: boolean
example: false
ID:
type: number
example: 34
Name:
type: string
example: "[Sample SSH Key Group Platform]"
PlatformID:
type: string
example: SampleSSHKeyGroup
example:
- Active: false
ID: 34
Name: "[Sample SSH Key Group Platform]"
PlatformID: SampleSSHKeyGroup
Total:
type: number
example: 1
examples:
200 OK:
value:
Platforms:
- Active: false
ID: 34
Name: "[Sample SSH Key Group Platform]"
PlatformID: SampleSSHKeyGroup
Total: 1
"/passwordvault/api/platforms/groups/{PlatformName}":
delete:
tags:
- Platforms
- Group Platforms
summary: Delete Group Platform
description: This method allows Vault Admins to delete a group platform.
operationId: deleteGroupPlatform
responses:
"200":
description: ""
parameters:
- name: PlatformName
in: path
required: true
schema:
type: string
"/passwordvault/api/platforms/groups/{PlatformName}/activate":
post:
tags:
- Platforms
- Group Platforms
summary: Activate Group Platform
description: This method allows Vault Admins to activate a group platform.
operationId: activateGroupPlatform
responses:
"200":
description: ""
parameters:
- name: PlatformName
in: path
required: true
schema:
type: string
"/passwordvault/api/platforms/groups/{PlatformName}/deactivate":
post:
tags:
- Platforms
- Group Platforms
summary: Deactivate Group Platform
description: This method allows Vault Admins to deactivate a group platform.
operationId: deactivateGroupPlatform
responses:
"200":
description: ""
parameters:
- name: PlatformName
in: path
required: true
schema:
type: string
"/passwordvault/api/platforms/groups/{PlatformName}/duplicate":
post:
tags:
- Platforms
- Group Platforms
summary: Duplicate Group Platforms
description: This method allows Vault Admins to duplicate group platforms.
operationId: duplicateGroupPlatforms
requestBody:
content:
application/json:
schema:
type: object
properties:
Description:
type: string
example: ""
Name:
type: string
example: test Platform
example:
Description: ""
Name: test Platform
responses:
"200":
description: ""
parameters:
- name: PlatformName
in: path
required: true
schema:
type: string
/passwordvault/api/platforms/rotationalGroups:
get:
tags:
- Platforms
- Rotational Group Platforms
summary: Get Rotational Group Platforms
description: This method allows Vault Admins to retrieve basic information about all existing rotational group platforms.
operationId: getRotationalGroupPlatforms
parameters:
- name: search
in: query
schema:
type: string
example: MySQL
description: Platform Name
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache,no-store, no-cache, must-revalidate"
Content-Length:
schema:
type: string
example: "145"
Date:
schema:
type: string
example: "Wed, 30 Sep 2020 13:15:00 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: "no-cache,no-cache"
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; SameSite=None; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
Platforms:
type: array
items:
type: object
properties:
Active:
type: boolean
example: true
GracePeriod:
type: number
example: 540
ID:
type: number
example: 40
Name:
type: string
example: MySQL Server - Dual Accounts
PlatformID:
type: string
example: MySQLServer-DualAccounts
example:
- Active: true
GracePeriod: 540
ID: 40
Name: MySQL Server - Dual Accounts
PlatformID: MySQLServer-DualAccounts
Total:
type: number
example: 1
examples:
200 OK:
value:
Platforms:
- Active: true
GracePeriod: 540
ID: 40
Name: MySQL Server - Dual Accounts
PlatformID: MySQLServer-DualAccounts
Total: 1
"/passwordvault/api/platforms/rotationalGroups/{PlatformName}":
delete:
tags:
- Platforms
- Rotational Group Platforms
summary: Delete Rotational Group Platform
description: This method allows Vault Admins to delete a rotational group platform.
operationId: deleteRotationalGroupPlatform
responses:
"200":
description: ""
parameters:
- name: PlatformName
in: path
required: true
schema:
type: string
"/passwordvault/api/platforms/rotationalGroups/{PlatformName}/activate":
post:
tags:
- Platforms
- Rotational Group Platforms
summary: Activate Rotational Group Platform
description: This method allows Vault Admins to activate a rotational group platform.
operationId: activateRotationalGroupPlatform
responses:
"200":
description: ""
parameters:
- name: PlatformName
in: path
required: true
schema:
type: string
"/passwordvault/api/platforms/rotationalGroups/{PlatformName}/deactivate":
post:
tags:
- Platforms
- Rotational Group Platforms
summary: Deactivate Rotational Group Platform
description: This method allows Vault Admins to deactivate a rotational group platform.
operationId: deactivateRotationalGroupPlatform
responses:
"200":
description: ""
parameters:
- name: PlatformName
in: path
required: true
schema:
type: string
"/passwordvault/api/platforms/rotationalGroups/{PlatformName}/duplicate":
post:
tags:
- Platforms
- Rotational Group Platforms
summary: Duplicate Rotational Group Platforms
description: This method allows Vault Admins to duplicate rotational group platforms.
operationId: duplicateRotationalGroupPlatforms
requestBody:
content:
application/json:
schema:
type: object
properties:
Description:
type: string
example: ""
Name:
type: string
example: test Platform
example:
Description: ""
Name: test Platform
responses:
"200":
description: ""
parameters:
- name: PlatformName
in: path
required: true
schema:
type: string
/passwordvault/api/platforms/targets:
get:
tags:
- Platforms
- Target Platforms
summary: Get Target Platforms
description: "This method allows users to retrieve basic information about all existing target platforms.\n\nYou can use filters to retrieve a subset of the target platforms or search for a specific target platform. For details, see [URL parameters](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/11.6/en/Content/SDK/rest-api-get-target-platforms.htm#URL%C2%A0para)."
operationId: getTargetPlatforms
responses:
"200":
description: 200 OK
headers:
Access-Control-Expose-Headers:
schema:
type: string
example: Warning
Cache-Control:
schema:
type: string
example: "no-cache,no-store, no-cache, must-revalidate"
Content-Length:
schema:
type: string
example: "33875"
Date:
schema:
type: string
example: "Fri, 25 Sep 2020 16:07:11 GMT"
Expires:
schema:
type: string
example: "-1"
Pragma:
schema:
type: string
example: "no-cache,no-cache"
Set-Cookie:
schema:
type: string
example: mobileState=Desktop; path=/PasswordVault/; SameSite=None; secure; HttpOnly
Strict-Transport-Security:
schema:
type: string
example: max-age=31536000; includeSubDomains
X-Content-Type-Options:
schema:
type: string
example: nosniff
X-FRAME-Options:
schema:
type: string
example: SAMEORIGIN
X-UA-Compatible:
schema:
type: string
example: IE=EmulateIE8
X-XSS-Protection:
schema:
type: string
example: 1; mode=block
content:
application/json:
schema:
type: object
properties:
Platforms:
type: array
items:
type: object
properties:
Active:
type: boolean
example: true
AllowedSafes:
type: string
example: ".*"
CredentialsManagementPolicy:
type: object
properties:
Change:
type: object
properties:
AllowManual:
type: boolean
example: true
AutoOnAdd:
type: boolean
example: false
PerformAutomatic:
type: boolean
example: false
RequirePasswordEveryXDays:
type: number
example: 90
Reconcile:
type: object
properties:
AllowManual:
type: boolean
example: true
AutomaticReconcileWhenUnsynced:
type: boolean
example: false
SecretUpdateConfiguration:
type: object
properties:
ChangePasswordInResetMode:
type: boolean
example: false
Verification:
type: object
properties:
AllowManual:
type: boolean
example: true
AutoOnAdd:
type: boolean
example: false
PerformAutomatic:
type: boolean
example: false
RequirePasswordEveryXDays:
type: number
example: 7
ID:
type: number
example: 2
Name:
type: string
example: Unix via SSH
PlatformID:
type: string
example: UnixSSH
PrivilegedAccessWorkflows:
type: object
properties:
EnforceCheckinCheckoutExclusiveAccess:
type: object
properties:
IsActive:
type: boolean
example: false
IsAnException:
type: boolean
example: false
EnforceOnetimePasswordAccess:
type: object
properties:
IsActive:
type: boolean
example: false
IsAnException:
type: boolean
example: false
RequireDualControlPasswordAccessApproval:
type: object
properties:
IsActive:
type: boolean
example: false
IsAnException:
type: boolean
example: false
RequireUsersToSpecifyReasonForAccess:
type: object
properties:
IsActive:
type: boolean
example: false
IsAnException:
type: boolean
example: false
PrivilegedSessionManagement:
type: object
properties:
PSMServerId:
type: string
example: PSMServer
PSMServerName:
type: string
example: PSM Server on PASAAS-PSM
SystemType:
type: string
example: "*NIX"
example:
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 2
Name: Unix via SSH
PlatformID: UnixSSH
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer
PSMServerName: PSM Server on PASAAS-PSM
SystemType: "*NIX"
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 23
Name: Unix via SSH Keys
PlatformID: UnixSSHKeys
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: "*NIX"
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: false
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 35
Name: Conjur Host
PlatformID: ConjurHost
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Application
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: true
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 48
Name: Conjur User
PlatformID: ConjurUser
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Application
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: true
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 32
Name: CyberArk PTA
PlatformID: CyberArkPTA
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Application
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 9
Name: CyberArk Vault
PlatformID: CyberArk
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Application
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 28
Name: RSA Authentication Manager
PlatformID: RSAManagement
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Application
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 5
Name: SAP
PlatformID: SAP
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Application
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: false
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 25
Name: Amazon Web Services - AWS
PlatformID: AWS
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Cloud Service
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 26
Name: Amazon Web Services - AWS - Access Keys
PlatformID: AWSAccessKeys
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Cloud Service
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 30
Name: Microsoft Azure Password Management
PlatformID: AzurePasswordManagement
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Cloud Service
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 37
Name: Google Cloud Platfrom - Service Account
PlatformID: GCPServiceAccount
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Cloud Service
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 29
Name: Microsoft Azure Application Keys Management
PlatformID: AzureApplicationKeys
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Cloud Service
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 17
Name: MySQL Server
PlatformID: MySQL
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Database
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 15
Name: DB2 on Unix via SSH
PlatformID: DB2UnixSSH
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Database
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 16
Name: Informix on Unix via SSH
PlatformID: InformixUnixSSH
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Database
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 3
Name: Microsoft SQL Server
PlatformID: MSSql
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Database
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 8
Name: Oracle Database
PlatformID: Oracle
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Database
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 31
Name: SAP HANA
PlatformID: SAPHANA
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Database
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 4
Name: Sybase ASE
PlatformID: Sybase
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Database
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 21
Name: Novell eDirectory server
PlatformID: Novell-eDirectory
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Directory
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 20
Name: SunOne directory via SSL
PlatformID: SunOneDirectorySSL
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Directory
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 19
Name: Cisco router via SSH
PlatformID: CiscoSSH
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Network Device
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 12
Name: AS400
PlatformID: as400
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Operating System
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: false
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 13
Name: OS390 via SSH
PlatformID: OS390SSH
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Operating System
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 14
Name: VMWare ESX Account API
PlatformID: VMWareESX-API
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Operating System
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: false
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 22
Name: PSM Secure Connect
PlatformID: PSMSecureConnect
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: PSM Secure Connect
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 18
Name: Check Point FireWall-1
PlatformID: Firewall1
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Security Appliance
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 24
Name: Check Point GAiA via SSH
PlatformID: GAiASSH
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Security Appliance
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 42
Name: Docker Registry
PlatformID: DockerRegistry
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Website
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 38
Name: Generic Web App
PlatformID: GenericWebApp
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Website
- Active: false
AllowedSafes: BZ_I_*
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: false
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 36
Name: Business Website
PlatformID: BusinessWebsite
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Website
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: true
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: true
PerformAutomatic: true
RequirePasswordEveryXDays: 7
ID: 10
Name: Windows Desktop Local Accounts
PlatformID: WinDesktopLocal
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Windows
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: true
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: true
PerformAutomatic: true
RequirePasswordEveryXDays: 7
ID: 7
Name: Windows Domain Account
PlatformID: WinDomain
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer
PSMServerName: PSM Server on PASAAS-PSM
SystemType: Windows
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: true
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: true
PerformAutomatic: true
RequirePasswordEveryXDays: 7
ID: 6
Name: Windows Server Local Accounts
PlatformID: WinServerLocal
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Windows
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 11
Name: Windows Local Accounts WMI
PlatformID: WinLocalWMI
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Windows
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: true
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: false
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 27
Name: Windows Loosely Device
PlatformID: WinLooselyDevice
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Windows
Total:
type: number
example: 37
examples:
200 OK:
value:
Platforms:
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 2
Name: Unix via SSH
PlatformID: UnixSSH
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer
PSMServerName: PSM Server on PASAAS-PSM
SystemType: "*NIX"
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 23
Name: Unix via SSH Keys
PlatformID: UnixSSHKeys
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: "*NIX"
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: false
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 35
Name: Conjur Host
PlatformID: ConjurHost
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Application
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: true
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 48
Name: Conjur User
PlatformID: ConjurUser
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Application
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: true
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 32
Name: CyberArk PTA
PlatformID: CyberArkPTA
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Application
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 9
Name: CyberArk Vault
PlatformID: CyberArk
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Application
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 28
Name: RSA Authentication Manager
PlatformID: RSAManagement
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Application
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 5
Name: SAP
PlatformID: SAP
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Application
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: false
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 25
Name: Amazon Web Services - AWS
PlatformID: AWS
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Cloud Service
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 26
Name: Amazon Web Services - AWS - Access Keys
PlatformID: AWSAccessKeys
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Cloud Service
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 30
Name: Microsoft Azure Password Management
PlatformID: AzurePasswordManagement
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Cloud Service
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 37
Name: Google Cloud Platfrom - Service Account
PlatformID: GCPServiceAccount
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Cloud Service
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 29
Name: Microsoft Azure Application Keys Management
PlatformID: AzureApplicationKeys
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Cloud Service
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 17
Name: MySQL Server
PlatformID: MySQL
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Database
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 15
Name: DB2 on Unix via SSH
PlatformID: DB2UnixSSH
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Database
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 16
Name: Informix on Unix via SSH
PlatformID: InformixUnixSSH
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Database
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 3
Name: Microsoft SQL Server
PlatformID: MSSql
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Database
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 8
Name: Oracle Database
PlatformID: Oracle
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Database
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 31
Name: SAP HANA
PlatformID: SAPHANA
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Database
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 4
Name: Sybase ASE
PlatformID: Sybase
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Database
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 21
Name: Novell eDirectory server
PlatformID: Novell-eDirectory
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Directory
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 20
Name: SunOne directory via SSL
PlatformID: SunOneDirectorySSL
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Directory
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 19
Name: Cisco router via SSH
PlatformID: CiscoSSH
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Network Device
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 12
Name: AS400
PlatformID: as400
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Operating System
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: false
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 13
Name: OS390 via SSH
PlatformID: OS390SSH
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Operating System
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 14
Name: VMWare ESX Account API
PlatformID: VMWareESX-API
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Operating System
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: false
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 22
Name: PSM Secure Connect
PlatformID: PSMSecureConnect
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: PSM Secure Connect
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 18
Name: Check Point FireWall-1
PlatformID: Firewall1
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Security Appliance
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 24
Name: Check Point GAiA via SSH
PlatformID: GAiASSH
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Security Appliance
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 42
Name: Docker Registry
PlatformID: DockerRegistry
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Website
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 38
Name: Generic Web App
PlatformID: GenericWebApp
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Website
- Active: false
AllowedSafes: BZ_I_*
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: false
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 36
Name: Business Website
PlatformID: BusinessWebsite
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Website
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: true
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: true
PerformAutomatic: true
RequirePasswordEveryXDays: 7
ID: 10
Name: Windows Desktop Local Accounts
PlatformID: WinDesktopLocal
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Windows
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: true
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: true
PerformAutomatic: true
RequirePasswordEveryXDays: 7
ID: 7
Name: Windows Domain Account
PlatformID: WinDomain
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer
PSMServerName: PSM Server on PASAAS-PSM
SystemType: Windows
- Active: true
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: true
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: true
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: true
PerformAutomatic: true
RequirePasswordEveryXDays: 7
ID: 6
Name: Windows Server Local Accounts
PlatformID: WinServerLocal
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Windows
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: true
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 11
Name: Windows Local Accounts WMI
PlatformID: WinLocalWMI
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
SystemType: Windows
- Active: false
AllowedSafes: ".*"
CredentialsManagementPolicy:
Change:
AllowManual: true
AutoOnAdd: false
PerformAutomatic: true
RequirePasswordEveryXDays: 90
Reconcile:
AllowManual: false
AutomaticReconcileWhenUnsynced: false
SecretUpdateConfiguration:
ChangePasswordInResetMode: false
Verification:
AllowManual: false
AutoOnAdd: false
PerformAutomatic: false
RequirePasswordEveryXDays: 7
ID: 27
Name: Windows Loosely Device
PlatformID: WinLooselyDevice
PrivilegedAccessWorkflows:
EnforceCheckinCheckoutExclusiveAccess:
IsActive: false
IsAnException: false
EnforceOnetimePasswordAccess:
IsActive: false
IsAnException: false
RequireDualControlPasswordAccessApproval:
IsActive: false
IsAnException: false
RequireUsersToSpecifyReasonForAccess:
IsActive: false
IsAnException: false
PrivilegedSessionManagement:
PSMServerId: PSMServer_a91999c
PSMServerName: PSM Server on PASAAS-PVWA
SystemType: Windows
Total: 37
  "/passwordvault/api/platforms/targets/{PlatformName}":
    delete:
      tags:
        - Platforms
        - Target Platforms
      summary: Delete Target Platform
      description: This method allows Vault Admins to delete a target platform.
      operationId: deleteTargetPlatform
      responses:
        "200":
          description: ""
    parameters:
      - name: PlatformName
        in: path
        required: true
        schema:
          type: string
  "/passwordvault/api/platforms/targets/{PlatformName}/activate":
    post:
      tags:
        - Platforms
        - Target Platforms
      summary: Activate Target Platform
      description: This method allows Vault Admins to activate a target platform.
      operationId: activateTargetPlatform
      responses:
        "200":
          description: ""
    parameters:
      - name: PlatformName
        in: path
        required: true
        schema:
          type: string
  "/passwordvault/api/platforms/targets/{PlatformName}/deactivate":
    post:
      tags:
        - Platforms
        - Target Platforms
      summary: Deactivate Target Platform
      description: This method allows Vault Admins to deactivate a target platform.
      operationId: deactivateTargetPlatform
      responses:
        "200":
          description: ""
    parameters:
      - name: PlatformName
        in: path
        required: true
        schema:
          type: string
  "/passwordvault/api/platforms/targets/{PlatformName}/duplicate":
    post:
      tags:
        - Platforms
        - Target Platforms
      summary: Duplicate Target Platforms
      description: This method allows Vault Admins to duplicate target platforms.
      operationId: duplicateTargetPlatforms
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                Description:
                  type: string
                  example: ""
                Name:
                  type: string
                  example: test Platform
            example:
              Description: ""
              Name: test Platform
      responses:
        "200":
          description: ""
    parameters:
      - name: PlatformName
        in: path
        required: true
        schema:
          type: string
tags:
  - name: Accounts
  - name: v2 API
  - name: v1 API
  - name: Account Actions
  - name: v2 API1
  - name: v1 API1
  - name: Account Groups
  - name: Bulk Upload of Accounts
    description: "This section includes three methods that enable you to perform a bulk upload of multiple accounts, and review the results.\n\nFirst, to add multiple accounts at one time to the system, use the Create bulk upload of accounts REST API.\n\nNext, to check the status of all the bulk account uploads that were performed by a user, use the Get all bulk account uploads for user REST API.\n\nLast, to review a summary of uploaded accounts and accounts that failed for a specific bulk upload, use the Get bulk account upload result REST API."
  - name: Discovered Accounts
    description: "This section includes REST APIs for discovered accounts. "
  - name: v2 API12
  - name: v1 API12
  - name: Applications
  - name: Authentication
  - name: v2 API123
  - name: SAML Authentication
  - name: v1 API123
  - name: Shared Logon Authentication
  - name: Authentication Methods Config
    description: This section includes REST APIs for configuring and managing authentication methods.
  - name: Central Credential Provider (CCP)
  - name: General
    description: This section includes general APIs.
  - name: LDAP Integration
  - name: LDAP Directories
  - name: LDAP Mappings
  - name: Monitor Sessions
  - name: Session Actions
  - name: Recordings
  - name: Onboarding Rules
  - name: OPM Commands
  - name: Account
  - name: Policy
  - name: Platforms
  - name: Target Platforms
    description: This section includes REST APIs for managing target platforms.
  - name: Dependent Platforms
    description: This section includes REST APIs for managing dependent platforms.
  - name: Group Platforms
    description: This section includes REST APIs for managing group platforms.
  - name: Rotational Group Platforms
    description: This section includes REST APIs for managing rotational group platforms.
  - name: Privileged Threat Analytics (PTA)
  - name: PTA Installation
  - name: Security Events
  - name: Requests
  - name: Confirm Requests
  - name: My Requests
  - name: Safes
  - name: v2 API1234
  - name: v1 API1234
  - name: Safe Members
  - name: Server
  - name: Session Management
    description: This section includes REST APIs related to session management.
  - name: System Health
  - name: User Management
    description: This section includes REST APIs for managing users and groups.
  - name: Users
  - name: v2 API12345
  - name: v1 API12345
  - name: Groups
  - name: v2 API123456
  - name: v1 API123456
  - name: Public SSH Authentication