Gist adarobin/9ac128d13474f4a7b8f3f9e45a19554a
Last active September 10, 2021 13:49
PAS OpenAPI with openapi-generate
117d116 | |
< | |
120,121d118 | |
< schema: | |
< type: string | |
248,249d244 | |
< schema: | |
< type: string | |
391,392d385 | |
< schema: | |
< type: string | |
452,453d444 | |
< schema: | |
< type: string | |
468,469d458 | |
< schema: | |
< type: string | |
484,486c473 | |
< application/octet-stream: | |
< schema: | |
< type: string | |
--- | |
> application/octet-stream: {} | |
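Review bot: the `type: string` schema on the `<` side of this `application/octet-stream` entry describes the body as text; OpenAPI 3.0 marks a binary body with `format: binary` next to `type: string`, and without it a generated client will typically model the payload as a text string. Suggest adding `format: binary` here and in the other `application/octet-stream` hunks that differ in the same way.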
875,876d861 | |
< schema: | |
< type: string | |
2031,2032d2015 | |
< schema: | |
< type: string | |
2035c2018 | |
< value: "trimmed" | |
--- | |
> value: "PK\u0003\u0004\u0014\u0000\u0000\u0000\b\u0000C�kMZ�\u0017Gf\u0002\u0000\u0000�\n\u0000\u0000\u0014\u0000$\u0000Policy-WinDomain.xml\n\u0000 \u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0018\u0000����\u0002z�\u0001����\u0002z�\u0001����\u0002z�\u0001�V�n�@\u0010�#�\u000e���\u0006q��I\u0015\u0012�\"5�e��ykO�U�\u001d��N�g��#�\n���8��\u0007�\u0010��d�|3�ͯ���\u001f��%K�\u0015(-Pv�\u000f�{�\u0001\u0019c\"���\u0016f~�ɽ��\u0001�D\fΘg�q'9(n\b�D�6��]\u0016`*b\u0001z�W:��`���\u0005Ld/I:�\u0018ݵp\u0006J�ˆp8��\u000fB\u000e0�B�N�r3G�}�\u001aΨ\u0002�\u0006cL׀\u0004���zZ��Wu߾qv\u001f#SJ�Tl�r҄��\u0010\n�#�ަ�T��+�\u0014ӿ\b�נ$����?\u0011�MrC���E�w��]yBИ������\u0019\u000e�� \u0003TƖ��/�O\u0014��\t��$�Z?�JZ]����zq����[6C��\u000bͪ�J�6�\u0018e,R8e��؞�瘱{�\u0017��YK7!i�\"PզX�5�Q�\u0004ɔ��\u0005�p\u0018��<@L/\u0000CX\bmTy\u0001��,H\u000b�T��J�e�m(�-e`S\u0011/��\b�Ap�H\u0003j'\u001c�9ֻ>��H��Z5.�GP��?�Q���- �h�i�F\\R�\f�9��QJ��\u0001��r�\u0004i5ɂq�t\u007f�ht\u0013\u000e\u0002�=�\u0013:�J$P-G�\u0015Յ2:�[S�j�K\u0012�B�����OB�(�Ǩ_R�=����5�Ej�\u0007x���K�sE��L�\u0003/\u0007<�9��������r�%h'GYz\r\u001f��;��z|��z�|Ks���������\u007fTC�{t�R0����b��J^]I+���\u001e!��hw��~���k��\u000bPK\u0003\u0004\u0014\u0000\u0000\u0000\b\u0000C�kM\u0019g�2�\u0005\u0000\u0000�\u0015\u0000\u0000\u0014\u0000$\u0000Policy-WinDomain.ini\n\u0000 \u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0018\u0000����\u0002z�\u0001����\u0002z�\u0001����\u0002z�\u0001�X�o�6\u0010~v��\u000f|l\u0003ǵ���\u001a�!�#�@�\u0018v�n(��Hg��D�$����wGQ��3ֺ\u0001\u0011\f��������;���̄a����4K�e*\u0011ќe\\�\u0014,h6\u0011��Di�rɧBN�W!c�hXO�\\HƣH�Ҷ\u000e\u000f���\u0016I<I�#�fZe��\u0000\\B\u0003��#\u0017\u001ab�$.ạ����/��avƭ�J�E!��7t����_`����\u0000��.<_�#�\u0002I�\u001a�\u0003�\u0006�t-$[�\r�(�$*��E\u001ck0f��&�أ������z��[2u�d5\u001f�vO�|\u0002G[L11��GJF\"\u0011�\n��r��E'��\u0001Z˶B�Ġ��\u0013[�����֎X�Kv\u000f�d\u0010�� 
E��lX\tt�\u0013s�I�\"�\r�\r����LD3Z)Q�K�{��r\u000b\u001e\u001e�L\u0004w5ί���Uz^��N��\f�(2��`\f\\G�P�[ç`�?��ػ|�ݑ#\u000f<��|bs0��*���3\b4L���UW�T�\\\u0013�\u000eWk��Vyvx�OS�\u0011\f�K�\u001f\n\u0007�W,�%K��-\u0018�.�:gg�M��,~ş��v�5H��d\u0001�\tN\u000f\u000f.��\u0010S���u�(�\u001b\r̄bC��QnS`Ԅ99\f�E\u0007d\u0011����.\u0014��4E37\u0018lÆe�15L\\\ty�\u0013\u0011\u000b;\u001f�\u0016*\u000e>��n��9��\"&�\u0004��\b\f��\u0007ԋ�T,\u0005s\u0002i���H!$��w��r\u001b�n\u0004�\\vL9\u001d������ޟ�\\$\u0001�ɭ$.�m~����J����>m��=�N:��a�O�1;5�\\K\u0016)t\u0006�A��1a�E;B\u0018�C~\u0004V\u000b\u001fa���\u007f\u000e�7\u001a\u000e�\u001e���o`\u001f\u0001d����&�ꆲ�SH\u00048u$���K\u0012G���'e+N�Ã߯���x\b��8o�b�T�q9\u0005��5�\u001cY���<)\f�\u0015���\u00024�U$������O�3�xl��[*D\u0019И�1����\u000f�J?�\\\u0007ǝ-�nZ�}|rJպB\"d�z����P\f��2��.\u0007\r*:\u000bM� �T�d�e�:��'�-�7H\tXP�\u0011��'6�e�])���XZ�B��fy��Z4�ta�/@\u001f(��*ri���q\u0007�G�\u0010����{�\npaSp�9\u0010\u00159��)&^\u0015�\n��`<�\u0012o���a�{�b����h��\u0014\u007f;�\u0016�(�\u0005n�\\Ǣ�[�b�r ���M$\r��\u001c�\u000f�c�P\t�^\u0005\u001f\u001b�ȷ�\u0005K��%h�CY\u0019��Qt\u0011-\u0015#\u0017P��\u0016Y�@ib\u0019:^�\u0017>��7��\u000f<�s]�P���%�\u001d\u001aXX�Iѻ�BҪ�\nUw��.\\a钉��;�_�ھ��\u000b_&��\\�\u000b������^�WFq\u001fu+q_6U-�;b�p\u0000�hH�N�\u000f�n�p��;H\u0010�:�\u0003\u0014��H��7�U��(���V��x�\u0005\\�����bP߾\u0000B�[E�>Z,�u\u0006�V�\u0002\u0007���\u000e�G݅�\b��\t���9�\u0001�CSP�\u0003�:K�֘�F�=����\u0019u��u5\u00188��z\u0006V�\"�l-6�:�� �ܠ\u0006��#-\u0006��<f��\u0004�EB��ڷ�\u0016���\u0004x�Kʃ����@�b���ɔ\u001aU��\b�\u007fOx�X:�������9\u0011�\\\u0017����%����[�Y{Ӯ6G\u007f͈O��?ab1\b~h7Vg�2\u0012�r�Ǒ�0t��b�;\u0018k*�*\u001cխU{�?U��von]���״�2\f8-�/RhY�����ɲ2>�\u007f\u0011k���_@N�,��\u001d�o34��\u0006�\u0013��E=.=��Tؠ㾏i���JŕP�{\u0011� 
���9Vys9���;̯��\u0019J��\u0001�����\u0007�oN���8t�\u0003PK\u0001\u0002-\u0000\u0014\u0000\u0000\u0000\b\u0000C�kMZ�\u0017Gf\u0002\u0000\u0000�\n\u0000\u0000\u0014\u0000$\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000Policy-WinDomain.xml\n\u0000 \u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0018\u0000����\u0002z�\u0001����\u0002z�\u0001����\u0002z�\u0001PK\u0001\u0002-\u0000\u0014\u0000\u0000\u0000\b\u0000C�kM\u0019g�2�\u0005\u0000\u0000�\u0015\u0000\u0000\u0014\u0000$\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000�\u0002\u0000\u0000Policy-WinDomain.ini\n\u0000 \u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0018\u0000����\u0002z�\u0001����\u0002z�\u0001����\u0002z�\u0001PK\u0005\u0006\u0000\u0000\u0000\u0000\u0002\u0000\u0002\u0000�\u0000\u0000\u0000�\b\u0000\u0000\u0000\u0000" | |
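Review bot: `value: "trimmed"` on the `<` side leaves no record of what this example held. The `>` side is a raw ZIP archive pasted into a string (it starts with `PK` and names Policy-WinDomain.xml and Policy-WinDomain.ini), and the replacement characters in it show the bytes did not survive as text, so dropping it is reasonable. Suggest a placeholder that says what was there, such as a short note that the value is a ZIP containing those two policy files, so a reader of the spec still knows what the field carries.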
2253,2254d2235 | |
< schema: | |
< type: string | |
2361,2362d2341 | |
< schema: | |
< type: string | |
2529,2691c2508,2670 | |
< # "/PasswordVault/WebServices/PIMServices.svc/Account/{ACLAddress|ACLUserName|ACLPolicyID}/PrivilegedCommands": | |
< # get: | |
< # tags: | |
< # - OPM Commands | |
< # - Account | |
< # summary: List Account/ACL | |
< # description: This method gets a list of the privileged commands (OPM rules) associated with this account. | |
< # operationId: listAccountAcl | |
< # responses: | |
< # "200": | |
< # description: "" | |
< # "500": | |
< # description: 500 Internal Server Error (ACLAddress Required) | |
< # headers: | |
< # CA-ErrorMessage: | |
< # schema: | |
< # type: string | |
< # example: Input parameter AccountAddress is obligatory. Please fix it and try again. | |
< # CA-ErrorMessageBase64Encoded: | |
< # schema: | |
< # type: string | |
< # example: SW5wdXQgcGFyYW1ldGVyIEFjY291bnRBZGRyZXNzIGlzIG9ibGlnYXRvcnkuIFBsZWFzZSBmaXggaXQgYW5kIHRyeSBhZ2Fpbi4= | |
< # Cache-Control: | |
< # schema: | |
< # type: string | |
< # example: "no-cache, no-store, must-revalidate" | |
< # Content-Length: | |
< # schema: | |
< # type: string | |
< # example: "118" | |
< # Date: | |
< # schema: | |
< # type: string | |
< # example: "Mon, 05 Jun 2017 21:08:01 GMT" | |
< # Expires: | |
< # schema: | |
< # type: string | |
< # example: "-1" | |
< # Pragma: | |
< # schema: | |
< # type: string | |
< # example: no-cache | |
< # Server: | |
< # schema: | |
< # type: string | |
< # example: Microsoft-IIS/8.5 | |
< # Set-Cookie: | |
< # schema: | |
< # type: string | |
< # example: mobileState=Desktop; path=/PasswordVault/; HttpOnly | |
< # X-Frame-Options: | |
< # schema: | |
< # type: string | |
< # example: SAMEORIGIN | |
< # X-UA-Compatible: | |
< # schema: | |
< # type: string | |
< # example: IE=EmulateIE8 | |
< # content: | |
< # application/json: | |
< # schema: | |
< # type: object | |
< # properties: | |
< # ErrorCode: | |
< # type: string | |
< # example: CAWS00001E | |
< # ErrorMessage: | |
< # type: string | |
< # example: Input parameter AccountAddress is obligatory. Please fix it and try again. | |
< # examples: | |
< # 500 Internal Server Error (ACLAddress Required): | |
< # value: | |
< # ErrorCode: CAWS00001E | |
< # ErrorMessage: Input parameter AccountAddress is obligatory. Please fix it and try again. | |
< # put: | |
< # tags: | |
< # - OPM Commands | |
< # - Account | |
< # summary: Add Account/ACL | |
< # description: This method adds a new privileged command rule to the account. | |
< # operationId: addAccountAcl | |
< # requestBody: | |
< # content: | |
< # application/json: | |
< # schema: | |
< # type: object | |
< # properties: | |
< # Command: | |
< # type: string | |
< # example: /bin/sh | |
< # CommandGroup: | |
< # type: boolean | |
< # example: false | |
< # PermissionType: | |
< # type: string | |
< # example: Deny | |
< # Restrictions: | |
< # type: string | |
< # example: "" | |
< # UserName: | |
< # type: string | |
< # example: "*" | |
< # example: | |
< # Command: /bin/sh | |
< # CommandGroup: false | |
< # PermissionType: Deny | |
< # Restrictions: "" | |
< # UserName: "*" | |
< # responses: | |
< # "200": | |
< # description: "" | |
< # parameters: | |
< # - name: ACLAddress | |
< # in: path | |
< # required: true | |
< # schema: | |
< # type: string | |
< # - name: ACLUserName | |
< # in: path | |
< # required: true | |
< # schema: | |
< # type: string | |
< # - name: ACLPolicyID | |
< # in: path | |
< # required: true | |
< # schema: | |
< # type: string | |
< # "/PasswordVault/WebServices/PIMServices.svc/Account/{ACLAddress}|{ACLUserName}|{ACLPolicyID}/PrivilegedCommands/": | |
< # delete: | |
< # tags: | |
< # - OPM Commands | |
< # - Account | |
< # summary: Delete Account/ACL | |
< # description: This method deletes privileged commands rules associated with the account. | |
< # operationId: deleteAccountAcl | |
< # parameters: | |
< # - name: id | |
< # in: query | |
< # schema: | |
< # type: string | |
< # example: "1" | |
< # requestBody: | |
< # content: | |
< # application/octet-stream: {} | |
< # responses: | |
< # "200": | |
< # description: "" | |
< # parameters: | |
< # - name: ACLAddress | |
< # in: path | |
< # required: true | |
< # schema: | |
< # type: string | |
< # - name: ACLUserName | |
< # in: path | |
< # required: true | |
< # schema: | |
< # type: string | |
< # - name: ACLPolicyID | |
< # in: path | |
< # required: true | |
< # schema: | |
< # type: string | |
--- | |
> "/PasswordVault/WebServices/PIMServices.svc/Account/{ACLAddress}|{ACLUserName}|{ACLPolicyID}/PrivilegedCommands": | |
> get: | |
> tags: | |
> - OPM Commands | |
> - Account | |
> summary: List Account/ACL | |
> description: This method gets a list of the privileged commands (OPM rules) associated with this account. | |
> operationId: listAccountAcl | |
> responses: | |
> "200": | |
> description: "" | |
> "500": | |
> description: 500 Internal Server Error (ACLAddress Required) | |
> headers: | |
> CA-ErrorMessage: | |
> schema: | |
> type: string | |
> example: Input parameter AccountAddress is obligatory. Please fix it and try again. | |
> CA-ErrorMessageBase64Encoded: | |
> schema: | |
> type: string | |
> example: SW5wdXQgcGFyYW1ldGVyIEFjY291bnRBZGRyZXNzIGlzIG9ibGlnYXRvcnkuIFBsZWFzZSBmaXggaXQgYW5kIHRyeSBhZ2Fpbi4= | |
> Cache-Control: | |
> schema: | |
> type: string | |
> example: "no-cache, no-store, must-revalidate" | |
> Content-Length: | |
> schema: | |
> type: string | |
> example: "118" | |
> Date: | |
> schema: | |
> type: string | |
> example: "Mon, 05 Jun 2017 21:08:01 GMT" | |
> Expires: | |
> schema: | |
> type: string | |
> example: "-1" | |
> Pragma: | |
> schema: | |
> type: string | |
> example: no-cache | |
> Server: | |
> schema: | |
> type: string | |
> example: Microsoft-IIS/8.5 | |
> Set-Cookie: | |
> schema: | |
> type: string | |
> example: mobileState=Desktop; path=/PasswordVault/; HttpOnly | |
> X-Frame-Options: | |
> schema: | |
> type: string | |
> example: SAMEORIGIN | |
> X-UA-Compatible: | |
> schema: | |
> type: string | |
> example: IE=EmulateIE8 | |
> content: | |
> application/json: | |
> schema: | |
> type: object | |
> properties: | |
> ErrorCode: | |
> type: string | |
> example: CAWS00001E | |
> ErrorMessage: | |
> type: string | |
> example: Input parameter AccountAddress is obligatory. Please fix it and try again. | |
> examples: | |
> 500 Internal Server Error (ACLAddress Required): | |
> value: | |
> ErrorCode: CAWS00001E | |
> ErrorMessage: Input parameter AccountAddress is obligatory. Please fix it and try again. | |
> put: | |
> tags: | |
> - OPM Commands | |
> - Account | |
> summary: Add Account/ACL | |
> description: This method adds a new privileged command rule to the account. | |
> operationId: addAccountAcl | |
> requestBody: | |
> content: | |
> application/json: | |
> schema: | |
> type: object | |
> properties: | |
> Command: | |
> type: string | |
> example: /bin/sh | |
> CommandGroup: | |
> type: boolean | |
> example: false | |
> PermissionType: | |
> type: string | |
> example: Deny | |
> Restrictions: | |
> type: string | |
> example: "" | |
> UserName: | |
> type: string | |
> example: "*" | |
> example: | |
> Command: /bin/sh | |
> CommandGroup: false | |
> PermissionType: Deny | |
> Restrictions: "" | |
> UserName: "*" | |
> responses: | |
> "200": | |
> description: "" | |
> parameters: | |
> - name: ACLAddress | |
> in: path | |
> required: true | |
> schema: | |
> type: string | |
> - name: ACLUserName | |
> in: path | |
> required: true | |
> schema: | |
> type: string | |
> - name: ACLPolicyID | |
> in: path | |
> required: true | |
> schema: | |
> type: string | |
> "/PasswordVault/WebServices/PIMServices.svc/Account/{ACLAddress}|{ACLUserName}|{ACLPolicyID}/PrivilegedCommands/": | |
> delete: | |
> tags: | |
> - OPM Commands | |
> - Account | |
> summary: Delete Account/ACL | |
> description: This method deletes privileged commands rules associated with the account. | |
> operationId: deleteAccountAcl | |
> parameters: | |
> - name: id | |
> in: query | |
> schema: | |
> type: string | |
> example: "1" | |
> requestBody: | |
> content: | |
> application/octet-stream: {} | |
> responses: | |
> "200": | |
> description: "" | |
> parameters: | |
> - name: ACLAddress | |
> in: path | |
> required: true | |
> schema: | |
> type: string | |
> - name: ACLUserName | |
> in: path | |
> required: true | |
> schema: | |
> type: string | |
> - name: ACLPolicyID | |
> in: path | |
> required: true | |
> schema: | |
> type: string | |
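Review bot: the commented-out key at the top of the `<` side reads `{ACLAddress|ACLUserName|ACLPolicyID}/PrivilegedCommands`, while the `>` side has `{ACLAddress}|{ACLUserName}|{ACLPolicyID}/PrivilegedCommands`, so uncommenting the block would not give back the same path. The block also takes listAccountAcl, addAccountAcl and deleteAccountAcl out of the spec with nothing saying why. Suggest a one-line comment above the block stating the reason and keeping the `>` side's key text verbatim inside the comment; note too that the two path keys differ only by a trailing slash.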
2766c2745 | |
< example: "41_4" | |
--- | |
> example: 41_4 | |
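Review bot: the quoted form on the `<` side (`example: "41_4"`) should be the one kept. YAML 1.1 loaders accept underscores in integers and read the unquoted `41_4` on the `>` side as the number 414, which silently changes the account ID. The same applies to the other hunks that differ only in quoting (the `AccountID` entries and `"29_7"`, `"24_3"`, `"29_3"`).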
2818c2797 | |
< - AccountID: "41_4" | |
--- | |
> - AccountID: 41_4 | |
2852c2831 | |
< - AccountID: "41_4" | |
--- | |
> - AccountID: 41_4 | |
2969,2971c2948 | |
< application/octet-stream: | |
< schema: | |
< type: string | |
--- | |
> application/octet-stream: {} | |
3325,3326d3301 | |
< schema: | |
< type: string | |
3344,3346c3319 | |
< application/octet-stream: | |
< schema: | |
< type: string | |
--- | |
> application/octet-stream: {} | |
3507,3508d3479 | |
< schema: | |
< type: string | |
3527,3529c3498 | |
< application/octet-stream: | |
< schema: | |
< type: string | |
--- | |
> application/octet-stream: {} | |
3764,3766c3733 | |
< application/octet-stream: | |
< schema: | |
< type: string | |
--- | |
> application/octet-stream: {} | |
3971,3972d3937 | |
< schema: | |
< type: string | |
4086,4087d4050 | |
< schema: | |
< type: string | |
4217,4218d4179 | |
< schema: | |
< type: string | |
4240,4241d4200 | |
< schema: | |
< type: string | |
4483,4484d4441 | |
< schema: | |
< type: string | |
4621,4622d4577 | |
< schema: | |
< type: string | |
4989,4990d4943 | |
< schema: | |
< type: string | |
5194c5147 | |
< example: "29_7" | |
--- | |
> example: 29_7 | |
5239c5192 | |
< id: "29_7" | |
--- | |
> id: 29_7 | |
5381c5334 | |
< example: "24_3" | |
--- | |
> example: 24_3 | |
5414c5367 | |
< id: "24_3" | |
--- | |
> id: 24_3 | |
5547c5500 | |
< example: "29_3" | |
--- | |
> example: 29_3 | |
5577c5530 | |
< id: "29_3" | |
--- | |
> id: 29_3 | |
5604,5605d5556 | |
< schema: | |
< type: string | |
5683,5684d5633 | |
< schema: | |
< type: string | |
5753,5755c5702 | |
< application/octet-stream: | |
< schema: | |
< type: string | |
--- | |
> application/octet-stream: {} | |
6602,6603d6548 | |
< schema: | |
< type: string | |
6736,6737d6680 | |
< schema: | |
< type: string | |
8328,8329d8270 | |
< schema: | |
< type: string | |
12369c12310 | |
< - name: Public SSH Authentication | |
--- | |
> - name: Public SSH Authentication | |
\ No newline at end of file |
---
openapi: 3.0.3
info:
  title: "CyberArk REST API [PUBLIC]"
  description: "All available requests in CyberArk Privileged Account Security Web Services for All Versions\n\n**Last Updated Version:** v11.7\n\n# THIS IS UNOFFICIAL DOCUMENTATION\n\n## New Features & Additions\n\n* Bulk Upload Accounts endpoints now available in Accounts > Bulk Upload Accounts.\n* Authentication Methods can be managed via API.\n* All Platform Management can be managed via API.\n* Initial documentation of CyberArk's IDaptive Identity Platform API is available within the \"IDaptive Identity Platform\" folder.\n\nHappy automating!\n\n## Getting Started Guide\n\n[Getting Started with REST Using Postman](https://github.com/infamousjoeg/CyberArk-RESTAPI/blob/master/Getting%20Started%20with%20REST%20Using%20Postman.pdf) (PDF)\n\n## Community Tools\n\n* [psPAS](https://github.com/pspete/psPAS) - PowerShell Module for CyberArk's REST API\n* [CredentialRetriever](https://github.com/pspete/CredentialRetriever) - PowerShell Module for CyberArk's Application Access Manager (AAM)\n* [pyAIM](https://github.com/infamousjoeg/pyAIM) - Python Client Library for CyberArk's Application Access Manager (AAM)\n\n## Code Examples\n\n* [cyberark/epv-api-scripts](https://github.com/cyberark/epv-api-scripts)\n* [infamousjoeg on GitHub](https://github.com/infamousjoeg?tab=repositories)\n* [CyberArk's Automation Greatest Hits (Awesome List of Automation)](https://cybr.rocks/greatesthits)\n\n## YouTube Videos Playlist\n\n* [CyberArk Videos Playlist Curated by InfamousJoeG](https://www.youtube.com/playlist?list=PL-p_9AwMQDmkS6rCXQrINn0Xc7dv73dWU)\n\n## Maintainer\n\n[Joe Garcia](https://github.com/infamousjoeg)\n\n[Buy me a coffee](https://www.buymeacoffee.com/infamousjoeg)\n\n## Status Codes\n\n| Status Name | Status Code | Status Description |\n|---|---|---|\n| Success | 200 | The request succeeded. The actual response will depend on the request method used. |\n| Created | 201 | The request was fulfilled and resulted in a new resource being created. |\n| Bad Request | 400 | The request could not be understood by the server due to incorrect syntax. |\n| Unauthorized | 401 | The request requires user authentication. |\n| Forbidden | 403 | The server received and understood the request, but will not fulfill it. Authorization will not help and the request MUST NOT be repeated. |\n| Not Found | 404 | The server did not find anything that matches the Request-URI. No indication is given of whether the condition is temporary or permanent. |\n| Conflict | 409 | The request could not be completed due to a conflict with the current state of the resource. |\n| Internal Server Error | 500 | The server encountered an unexpected condition which prevented it from fulfilling the request. |\n\n_NOTE: If you are having issues with DEL or PUT methods, make sure that your Password Vault Web Access (PVWA) Server's IIS instance does not include WebDav Publishing. This will cause known issues._"
  version: 1.0.0
  contact: {}
servers:
  - url: "{{BaseURL}}"
  - url: "https://{{BaseURL}}"
  - url: "{{PTABaseURL}}"
paths:
  /AIMWebService/api/Accounts:
    get:
      tags:
        - Central Credential Provider (CCP)
      summary: GetPassword
      description: "GetPassword – This service enables applications to retrieve passwords from the\r\nCentral Credential Provider.\r\n\r\n- AppID (REQUIRED)\r\n - Specifies the unique ID of the application issuing the password request.\r\n- Safe\r\n - Specifies the name of the Safe where the password is stored.\r\n- Folder\r\n - Specifies the name of the folder where the password is stored. (Default: Root)\r\n- Object\r\n - Specifies the name of the password object to retrieve.\r\n- UserName\r\n - Defines search criteria according to the UserName account property.\r\n- Address\r\n - Defines search criteria according to the Address account property.\r\n- Database\r\n - Defines search criteria according to the Database account property.\r\n- PolicyID\r\n - Defines the format that will be used in the setPolicyID method.\r\n- Reason\r\n - The reason for retrieving the password. This reason will be audited in the Credential Provider audit log.\r\n- ConnectionTimeout\r\n - The number of seconds that the Central Credential Provider will try to retrieve the password. The timeout is calculated when the request is sent from the web service to the Vault and returned back to the web service.\r\n - 30 (Default)\r\n- Query\r\n - Defines a free query using account properties, including Safe, folder, and object. When this method is specified, all other search criteria (Safe/Folder/Object/UserName/Address/PolicyID/Database) are ignored and only the account properties that are specified in the query are passed to the Central Credential Provider in the password request.\r\n- QueryFormat\r\n - Defines the query format, which can optionally use regular expressions.\r\n - Possible values are:\r\n - Exact (Default)\r\n - Regexp\r\n- FailedRequestOnPasswordChange\r\n - Whether or not an error will be returned if this web service is called when a password change process is underway.\r\n - True\r\n - False (Default)"
      operationId: getPassword
      parameters:
        - name: AppID
          in: query
          schema:
            type: string
          example: "{{AppID}}"
        - name: Safe
          in: query
          schema:
            type: string
          example: "{{Safe}}"
        - name: Object
          in: query
          schema:
            type: string
          example: "{{ObjectName}}"
        - name: Username
          in: query
          schema:
            type: string
          example: "{{UserName}}"
      requestBody:
        content:
          application/form-urlencoded:
            schema:
              type: object
              properties: {}
            example: {}
      responses:
        "200":
          description: ""
  /API/AccountGroups/:
    post:
      tags:
        - Accounts
        - Account Groups
      summary: Add Account Group
      description: "This method enables application managers to define a new account group automatically, and manage accounts as part of a group.\n\nTo create an account group, users require the following permissions in the Safe where the group is created:\n* Add accounts\n* Update account content\n* Update account properties\n* Create folders\n\n**Note:** _The following characters are not supported in URL values in the Body:_ **+ & % #**"
      operationId: addAccountGroup
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                GroupName:
                  type: string
                  example: "{{GroupName}}"
                GroupPlatform:
                  type: string
                  example: "{{PlatformID}}"
                Safe:
                  type: string
                  example: "{{Safe}}"
            example:
              GroupName: "{{GroupName}}"
              GroupPlatform: "{{PlatformID}}"
              Safe: "{{Safe}}"
      responses:
        "200":
          description: ""
  "/API/AccountGroups/{GroupName}/Members":
    post:
      tags:
        - Accounts
        - Account Groups
      summary: Add Account to Account Group
      description: "This method adds an account as a member to an existing account group. The account can contain either a password or SSH key. All members of an account group must be stored in the same Safe as the group itself.\n\nTo add an account as a member to an account group, users require the following permissions to the Safe where the group is created:\n* Add accounts\n* Update account content\n* Update account properties\n\n**Note:** _The following characters are not support in URL values in the Body:_ **+ & % #**"
      operationId: addAccountToAccountGroup
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                AccountID:
                  type: string
                  example: "{{AccountID}}"
            example:
              AccountID: "{{AccountID}}"
      responses:
        "200":
          description: ""
    parameters:
      - name: GroupName
        in: path
        required: true
        schema:
          type: string
  /API/Platforms/Import:
    post:
      tags:
        - Platforms
      summary: Import Platform
      description: This method enables administrators to import new platforms and dependencies.
      operationId: importPlatform
      requestBody:
        content:
          text/plain:
            schema:
              type: string
            example: "{\n\t\"ImportFile\": {zip file in the format of BASE 64 array}\n}"
      responses:
        "200":
          description: ""
  /PasswordVault/API/AccountGroups:
    get:
      tags:
        - Accounts
        - Account Groups
      summary: Get Account Group by Safe
      description: "This method returns all the account groups in a specific Safe. The user performing this task must have the following permissions in the Safe:\r\n\r\n* Add accounts\r\n* Update account content\r\n* Update account properties\r\n* Create folders"
      operationId: getAccountGroupBySafe
      parameters:
        - name: Safe
          in: query
          schema:
            type: string
          example: "{{Safe}}"
      responses:
        "200":
          description: ""
  "/PasswordVault/API/AccountGroups/{GroupName}/Members":
    get:
      tags:
        - Accounts
        - Account Groups
      summary: Get Account Group Members
      description: "This method returns all the members of an existing account group. These accounts can be either password accounts or SSH Key accounts.\n\n__NOTE: All members of account groups must be stored in the same Safe as the group itself.__\n\nThe user performing this task must have the following permissions in the Safe:\n\n* Add accounts\n* Update account content\n* Update account properties\n* Create folders"
      operationId: getAccountGroupMembers
      responses:
        "200":
          description: ""
    parameters:
      - name: GroupName
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/AccountGroups/{GroupName}/Members/{AccountID}":
    delete:
      tags:
        - Accounts
        - Account Groups
      summary: Delete Member from Account Group
      description: "This method removes an account member from an account group. This account can be either a password account or an SSH Key account.\r\n\r\nThe user performing this task must have the following permissions in the Safe:\r\n\r\n* Add accounts\r\n* Update account content\r\n* Update account properties\r\n* Create folders"
      operationId: deleteMemberFromAccountGroup
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties: {}
            example: {}
      responses:
        "200":
          description: ""
    parameters:
      - name: GroupName
        in: path
        required: true
        schema:
          type: string
      - name: AccountID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/Accounts/{AccountID}/Change":
    post:
      tags:
        - Accounts
        - Account Actions
        - v1 API1
      summary: "Change Credentials Immediately [v9.10+]"
      description: "This method marks an account for an immediate credentials change by the CPM to a new random value.\r\n\r\nThe user who runs this web service requires the following permission in the Safe where the privileged account is stored:\r\n\r\n* Initiate CPM password management operations"
      operationId: changeCredentialsImmediatelyV910
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                ChangeEntireGroup:
                  type: string
                  example: "true"
            example:
              ChangeEntireGroup: "true"
      responses:
        "200":
          description: ""
    parameters:
      - name: AccountID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/Accounts/{AccountID}/CheckIn":
    post:
      tags:
        - Accounts
        - Account Actions
        - v2 API1
      summary: Check In an Exclusive Account
      description: "This method checks an exclusive account into the Vault.\n\n* If the account is managed automatically by the CPM, after it is checked in, the password is changed immediately.\n* If the account is managed manually, a notification is sent to a user who is authorized to change the password. The account is checked in automatically after it has been changed.\n\nThe user who runs this web service requires the following permission in the Safe where the privileged account is stored:\n\n* Initiate CPM password management operations"
      operationId: checkInAnExclusiveAccount
      responses:
        "200":
          description: ""
    parameters:
      - name: AccountID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/Accounts/{AccountID}/PSMConnect":
    post:
      tags:
        - Accounts
        - Account Actions
        - v2 API1
      summary: Connect Using PSM
      description: "This method enables you to connect to an account through PSM (PSMConnect) using a connection method defined in the PVWA.\n\nA response header defines which connection method is returned.\n\nFor more information, refer to [Privileged Session Management Interface](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Configuring-the-Privileged-Session-Management-Interface.htm).\n\n## Header Parameter\n\nParameter: Accept\n\nType: String\n\nDescription: The table below describes the expected response format depending on the value of the Accept header in the request, per connection method configuration (RDP File or PSM Gateway).\n\n| PVWA configuration | Optional values | Connection method |\n| --- | --- | --- |\n| RDP | application/json, application/octet-stream (default), `*/ *` | RDPFile (JSON), RDPFile (octet-stream raw) |\n| PSMGW | `* / *` | PSMGW (JSON) - Returns the HTML5 connection data. |\n\n**Note:** To use PSMGW, PSMGW must be configured before using this REST API in order to receive a PSMGW response."
      operationId: connectUsingPsm
      requestBody:
        content:
          text/plain:
            schema:
              type: string
            example: "{\n\t\"reason\":\"<Reason>\",\n\t\"TicketingSystemName\":\"<Ticketing system>\",\n\t\"TicketId\":\"<Ticketid>\",\n\t\"ConnectionComponent\":\"<Connection component id>\",\n\t\"ConnectionParams\": {\n\t\t\"<Connection parameter name>\": {\n\t\t\t\"value\":\"<Connection parameter value>\",\n\t\t\t\"ShouldSave\":<true\\false>\n\t\t},\n\t\t\"<Connection parameter name>\": {\n\t\t\t\"value\":\"<Connection parameter value>\",\n\t\t\t\"ShouldSave\":<true\\false>\n\t\t}\n\t}\n}"
      responses:
        "200":
          description: ""
    parameters:
      - name: AccountID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/Accounts/{AccountID}/Password/Update":
    post:
      tags:
        - Accounts
        - Account Actions
        - v1 API1
      summary: "Change Credentials in the Vault [v10]"
      description: "This method enables users to set the account's credentials and change it in the Vault.\r\n\r\nThis will not affect the credentials on the target device.\r\nThe user who runs this web service requires the following permission in the Safe where the privileged account is stored:\r\n\r\n* Update password value"
      operationId: changeCredentialsInTheVaultV10
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                AutoGenerate:
                  type: string
                  example: "true"
                ChangeCredsForGroup:
                  type: string
                  example: "true"
                NewCredentials:
                  type: string
                  example: ""
            example:
              AutoGenerate: "true"
              ChangeCredsForGroup: "true"
              NewCredentials: ""
      responses:
        "200":
          description: ""
    parameters:
      - name: AccountID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/Accounts/{AccountID}/Reconcile":
    post:
      tags:
        - Accounts
        - Account Actions
        - v1 API1
      summary: "Reconcile Credentials [v9.10+]"
      description: "This method marks an account for automatic reconciliation by the CPM.\r\n\r\nThe user who runs this web service requires the following permission in the Safe where the privileged account is stored:\r\n\r\n* Initiate CPM password management operations"
      operationId: reconcileCredentialsV910
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties: {}
            example: {}
      responses:
        "200":
          description: ""
    parameters:
      - name: AccountID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/Accounts/{AccountID}/SetNextPassword":
    post:
      tags:
        - Accounts
        - Account Actions
        - v1 API1
      summary: "Change Credentials and Set Next Password [v10]"
      description: "This method enables users to set the account's credentials to use for the next CPM change.\r\n\r\nThe user who runs this web service requires the following permissions in the Safe where the privileged account is stored:\r\n\r\n* Initiate CPM password management operations\r\n* Specify next password value"
      operationId: changeCredentialsAndSetNextPasswordV10
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                ChangeImmediately:
                  type: string
                  example: "true"
                NewCredentials:
                  type: string
                  example: Cyberark1
            example:
              ChangeImmediately: "true"
              NewCredentials: Cyberark1
      responses:
        "200":
          description: ""
    parameters:
      - name: AccountID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/Accounts/{AccountID}/Verify":
    post:
      tags:
        - Accounts
        - Account Actions
        - v1 API1
      summary: "Verify Credentials [v9.10+]"
      description: "This method marks an account for verification by the CPM, and can be used in versions from v9.10.\r\n\r\nThe user who runs this web service requires the following permission in the Safe where the privileged account is stored:\r\n\r\n* Initiate CPM password management operations"
      operationId: verifyCredentialsV910
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties: {}
            example: {}
      responses:
        "200":
          description: ""
    parameters:
      - name: AccountID
in: path | |
required: true | |
schema: | |
type: string | |
  /PasswordVault/API/Auth/CyberArk/Logon:
    post:
      tags:
        - Authentication
        - v2 API123
      summary: Logon - CyberArk Authentication
      description: "This method authenticates a user to the Vault and returns a token that can be used in subsequent web services calls. In addition, this method enables you to set a new password."
      operationId: logonCyberArkAuthentication
      requestBody:
        content:
          text/plain:
            schema:
              type: string
            example: "{\n\t\"username\": \"{{apiUsername}}\",\n\t\"password\": \"{{apiPassword}}\",\n\t\"newPassword\": \"<optional>\",\n\t\"concurrentSession\": \"false\" // v11.3\n}"
      responses:
        "200":
          description: 200 OK
          headers:
            Access-Control-Expose-Headers:
              schema:
                type: string
                example: Warning
            Cache-Control:
              schema:
                type: string
                example: "no-cache, no-store, must-revalidate"
            Content-Length:
              schema:
                type: string
                example: "182"
            Date:
              schema:
                type: string
                example: "Sun, 11 Nov 2018 20:50:14 GMT"
            Expires:
              schema:
                type: string
                example: "-1"
            Pragma:
              schema:
                type: string
                example: no-cache
            Server:
              schema:
                type: string
                example: Microsoft-IIS/10.0
            Set-Cookie:
              schema:
                type: string
                example: CA55555=cyberark; path=/PasswordVault/; secure; HttpOnly
            Strict-Transport-Security:
              schema:
                type: string
                example: max-age=31536000; includeSubDomains
            X-Content-Type-Options:
              schema:
                type: string
                example: nosniff
            X-FRAME-Options:
              schema:
                type: string
                example: SAMEORIGIN
            X-UA-Compatible:
              schema:
                type: string
                example: IE=EmulateIE8
            X-XSS-Protection:
              schema:
                type: string
                example: 1; mode=block
          content:
            application/octet-stream:
              schema:
                type: string
              examples:
                200 OK:
                  value: "\"OTc5NjZlZDUtZDY0YS00N2RmLThiNjYtM2FhMWE5YzMwMWEwO0M3OEVBNTNGRjY1OEEzMDM7MDAwMDAwMDI4QzE1Mzk4RkIxQTU2MkNEMUQ0RTkxQTZGQTgxRkM2QTA2NTU0RTQ4NEQwMEQ5ODVERDhFRDQ1MjM3RkQzMkY1MDAwMDAwMDA7\""
  /PasswordVault/API/Auth/LDAP/Logon:
    post:
      tags:
        - Authentication
        - v2 API123
      summary: Logon - LDAP Authentication
      description: "This method authenticates a user to the Vault and returns a token that can be used in subsequent web services calls. In addition, this method enables you to set a new password."
      operationId: logonLdapAuthentication
      requestBody:
        content:
          text/plain:
            schema:
              type: string
            example: "{\n\t\"username\": \"{{apiUsername}}\",\n\t\"password\": \"{{apiPassword}}\",\n\t\"newPassword\": \"<optional>\",\n\t\"concurrentSession\": \"false\" // v11.3\n}"
      responses:
        "200":
          description: ""
  /PasswordVault/API/Auth/Logoff:
    post:
      tags:
        - Authentication
        - v2 API123
      summary: Logoff
      description: This method logs off the user and removes the Vault session.
      operationId: logoff1
      requestBody:
        content:
          application/octet-stream:
            schema:
              type: string
      responses:
        "200":
          description: 200 OK
          headers:
            Access-Control-Expose-Headers:
              schema:
                type: string
                example: Warning
            Cache-Control:
              schema:
                type: string
                example: "no-cache, no-store, must-revalidate"
            Content-Length:
              schema:
                type: string
                example: "16"
            Date:
              schema:
                type: string
                example: "Sun, 11 Nov 2018 20:51:24 GMT"
            Expires:
              schema:
                type: string
                example: "-1"
            Pragma:
              schema:
                type: string
                example: no-cache
            Server:
              schema:
                type: string
                example: Microsoft-IIS/10.0
            Set-Cookie:
              schema:
                type: string
                example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
            Strict-Transport-Security:
              schema:
                type: string
                example: max-age=31536000; includeSubDomains
            X-Content-Type-Options:
              schema:
                type: string
                example: nosniff
            X-FRAME-Options:
              schema:
                type: string
                example: SAMEORIGIN
            X-UA-Compatible:
              schema:
                type: string
                example: IE=EmulateIE8
            X-XSS-Protection:
              schema:
                type: string
                example: 1; mode=block
          content:
            application/json:
              schema:
                type: object
                properties:
                  LogoffUrl:
                    type: string
                    example: ""
              examples:
                200 OK:
                  value:
                    LogoffUrl: ""
  /PasswordVault/API/Auth/radius/Logon:
    post:
      tags:
        - Authentication
        - v2 API123
      summary: Logon - RADIUS Authentication
      description: "This method authenticates a user to the Vault and returns a token that can be used in subsequent web services calls. In addition, this method enables you to set a new password."
      operationId: logonRadiusAuthentication
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                Password:
                  type: string
                  example: "{{apiPassword}}"
                Username:
                  type: string
                  example: "{{apiUsername}}"
                concurrentSessions:
                  type: string
                  example: "false"
            example:
              Password: "{{apiPassword}}"
              Username: "{{apiUsername}}"
              concurrentSessions: "false"
      responses:
        "200":
          description: ""
  "/PasswordVault/API/ComponentsMonitoringDetails/{ComponentsID}":
    get:
      tags:
        - System Health
      summary: System Details
      description: "This method returns details about specific components and all their installed instances, and system health information for each one.\n\n_Valid ComponentsID values: PVWA/SessionManagement/CPM/AIM_"
      operationId: systemDetails
      responses:
        "200":
          description: 200 OK (AIM)
          headers:
            Access-Control-Expose-Headers:
              schema:
                type: string
                example: Warning
            Cache-Control:
              schema:
                type: string
                example: "no-cache, no-store, must-revalidate"
            Content-Length:
              schema:
                type: string
                example: "200"
            Date:
              schema:
                type: string
                example: "Sun, 11 Nov 2018 21:22:30 GMT"
            Expires:
              schema:
                type: string
                example: "-1"
            Pragma:
              schema:
                type: string
                example: no-cache
            Server:
              schema:
                type: string
                example: Microsoft-IIS/10.0
            Set-Cookie:
              schema:
                type: string
                example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
            Strict-Transport-Security:
              schema:
                type: string
                example: max-age=31536000; includeSubDomains
            X-Content-Type-Options:
              schema:
                type: string
                example: nosniff
            X-FRAME-Options:
              schema:
                type: string
                example: SAMEORIGIN
            X-UA-Compatible:
              schema:
                type: string
                example: IE=EmulateIE8
            X-XSS-Protection:
              schema:
                type: string
                example: 1; mode=block
          content:
            application/json:
              schema:
                type: object
                properties:
                  ComponentsDetails:
                    type: array
                    items:
                      type: object
                      properties:
                        ComponentIP:
                          type: string
                          example: 192.168.3.108
                        ComponentSpecificStat:
                          type: number
                          example: -1
                        ComponentUserName:
                          type: string
                          example: Prov_COMPONENTS2016
                        ComponentVersion:
                          type: string
                          example: 10.5.0.23
                        IsLoggedOn:
                          type: boolean
                          example: true
                        LastLogonDate:
                          type: number
                          example: 1541898221
                    example:
                      - ComponentIP: 192.168.3.108
                        ComponentSpecificStat: -1
                        ComponentUserName: Prov_COMPONENTS2016
                        ComponentVersion: 10.5.0.23
                        IsLoggedOn: true
                        LastLogonDate: 1541898221
              examples:
                200 OK (AIM):
                  value:
                    ComponentsDetails:
                      - ComponentIP: 192.168.3.108
                        ComponentSpecificStat: -1
                        ComponentUserName: Prov_COMPONENTS2016
                        ComponentVersion: 10.5.0.23
                        IsLoggedOn: true
                        LastLogonDate: 1541898221
    parameters:
      - name: ComponentsID
        in: path
        required: true
        schema:
          type: string
  /PasswordVault/API/ComponentsMonitoringSummary:
    get:
      tags:
        - System Health
      summary: System Summary
      description: "This method returns consolidated information about the Vault, PVWA, CPM, PSM/PSMP, and AIM, including all clients that are relevant to each specific component."
      operationId: systemSummary
      responses:
        "200":
          description: 200 OK
          headers:
            Access-Control-Expose-Headers:
              schema:
                type: string
                example: Warning
            Cache-Control:
              schema:
                type: string
                example: "no-cache, no-store, must-revalidate"
            Content-Length:
              schema:
                type: string
                example: "742"
            Date:
              schema:
                type: string
                example: "Sun, 11 Nov 2018 21:23:03 GMT"
            Expires:
              schema:
                type: string
                example: "-1"
            Pragma:
              schema:
                type: string
                example: no-cache
            Server:
              schema:
                type: string
                example: Microsoft-IIS/10.0
            Set-Cookie:
              schema:
                type: string
                example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
            Strict-Transport-Security:
              schema:
                type: string
                example: max-age=31536000; includeSubDomains
            X-Content-Type-Options:
              schema:
                type: string
                example: nosniff
            X-FRAME-Options:
              schema:
                type: string
                example: SAMEORIGIN
            X-UA-Compatible:
              schema:
                type: string
                example: IE=EmulateIE8
            X-XSS-Protection:
              schema:
                type: string
                example: 1; mode=block
          content:
            application/json:
              schema:
                type: object
                properties:
                  Components:
                    type: array
                    items:
                      type: object
                      properties:
                        ComponentID:
                          type: string
                          example: PVWA
                        ComponentName:
                          type: string
                          example: PVWA
                        ComponentSpecificStat:
                          type: number
                          example: 1
                        ComponentTotalCount:
                          type: number
                          example: 1
                        ConnectedComponentCount:
                          type: number
                          example: 1
                        Description:
                          type: string
                          example: Active Users
                    example:
                      - ComponentID: PVWA
                        ComponentName: PVWA
                        ComponentSpecificStat: 1
                        ComponentTotalCount: 1
                        ConnectedComponentCount: 1
                        Description: Active Users
                      - ComponentID: CPM
                        ComponentName: CPM
                        ComponentSpecificStat: 32
                        ComponentTotalCount: 1
                        ConnectedComponentCount: 1
                        Description: Managed Accounts
                      - ComponentID: SessionManagement
                        ComponentName: PSM/PSMP
                        ComponentSpecificStat: 0
                        ComponentTotalCount: 2
                        ConnectedComponentCount: 2
                        Description: Concurrent Sessions
                      - ComponentID: AIM
                        ComponentName: AIM Credential Provider
                        ComponentSpecificStat: 4
                        ComponentTotalCount: 1
                        ConnectedComponentCount: 1
                        Description: Applications
                  Vaults:
                    type: array
                    items:
                      type: object
                      properties:
                        IP:
                          type: string
                          example: 192.168.3.101
                        IsLoggedOn:
                          type: boolean
                          example: true
                        Role:
                          type: string
                          example: Primary
                    example:
                      - IP: 192.168.3.101
                        IsLoggedOn: true
                        Role: Primary
              examples:
                200 OK:
                  value:
                    Components:
                      - ComponentID: PVWA
                        ComponentName: PVWA
                        ComponentSpecificStat: 1
                        ComponentTotalCount: 1
                        ConnectedComponentCount: 1
                        Description: Active Users
                      - ComponentID: CPM
                        ComponentName: CPM
                        ComponentSpecificStat: 32
                        ComponentTotalCount: 1
                        ConnectedComponentCount: 1
                        Description: Managed Accounts
                      - ComponentID: SessionManagement
                        ComponentName: PSM/PSMP
                        ComponentSpecificStat: 0
                        ComponentTotalCount: 2
                        ConnectedComponentCount: 2
                        Description: Concurrent Sessions
                      - ComponentID: AIM
                        ComponentName: AIM Credential Provider
                        ComponentSpecificStat: 4
                        ComponentTotalCount: 1
                        ConnectedComponentCount: 1
                        Description: Applications
                    Vaults:
                      - IP: 192.168.3.101
                        IsLoggedOn: true
                        Role: Primary
  /PasswordVault/API/ConnectionComponents/Import:
    post:
      tags:
        - Session Management
      summary: Import Connection Component
      description: This method enables administrators to import a new connection component.
      operationId: importConnectionComponent
      requestBody:
        content:
          text/plain:
            schema:
              type: string
            example: "{\n \"ImportFile\": {zip file byte array}\n}"
      responses:
        "200":
          description: ""
  /PasswordVault/API/IncomingRequests:
    get:
      tags:
        - Requests
        - Confirm Requests
      summary: Get Incoming Request List
      description: This method returns a list of all the requests for the confirmer to respond to.
      operationId: getIncomingRequestList
      parameters:
        - name: onlywaiting
          in: query
          schema:
            type: string
            example: "false"
        - name: expired
          in: query
          schema:
            type: string
            example: "false"
      responses:
        "200":
          description: ""
  "/PasswordVault/API/IncomingRequests/{RequestID}":
    get:
      tags:
        - Requests
        - Confirm Requests
      summary: Get Details of a Request for Confirmation
      description: This method returns details of a specific request in the Incoming Requests list.
      operationId: getDetailsOfARequestForConfirmation
      responses:
        "200":
          description: ""
    parameters:
      - name: RequestID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/IncomingRequests/{RequestID}/Confirm":
    post:
      tags:
        - Requests
        - Confirm Requests
      summary: Confirm Request
      description: "This method enables a request confirmer to confirm a single request, identified by its request ID."
      operationId: confirmRequest
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                Reason:
                  type: string
                  example: "Automatically accepted via CyberArk Web Services on {{$timestamp}}"
            example:
              Reason: "Automatically accepted via CyberArk Web Services on {{$timestamp}}"
      responses:
        "200":
          description: ""
    parameters:
      - name: RequestID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/IncomingRequests/{RequestID}/Reject":
    post:
      tags:
        - Requests
        - Confirm Requests
      summary: Reject Request
      description: "This method enables a request confirmer to reject a single request, identified by its request ID."
      operationId: rejectRequest
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                Reason:
                  type: string
                  example: "Rejected automatically by CyberArk Web Services on {{$timestamp}}"
            example:
              Reason: "Rejected automatically by CyberArk Web Services on {{$timestamp}}"
      responses:
        "200":
          description: ""
    parameters:
      - name: RequestID
        in: path
        required: true
        schema:
          type: string
  /PasswordVault/API/LiveSessions:
    get:
      tags:
        - Monitor Sessions
      summary: Get Live Sessions
      description: This method returns details of live sessions.
      operationId: getLiveSessions
      parameters:
        - name: Limit
          in: query
          schema:
            type: string
            example: "25"
        - name: Sort
          in: query
          schema:
            type: string
            example: RiskScore
        - name: Offset
          in: query
          schema:
            type: string
            example: "0"
        - name: Search
          in: query
          schema:
            type: string
            example: adm_domain
        - name: Safe
          in: query
          schema:
            type: string
            example: "{{Safe}}"
        - name: FromTime
          in: query
          schema:
            type: string
            example: "1514808001"
        - name: ToTime
          in: query
          schema:
            type: string
            example: "1515326399"
        - name: Activities
          in: query
          schema:
            type: string
            example: regedit
      responses:
        "200":
          description: ""
  "/PasswordVault/API/LiveSessions/{LiveSessionID}":
    get:
      tags:
        - Monitor Sessions
      summary: Get Live Session Details
      description: This method returns details of live sessions.
      operationId: getLiveSessionDetails
      responses:
        "200":
          description: ""
    parameters:
      - name: LiveSessionID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/LiveSessions/{LiveSessionID}/Resume":
    post:
      tags:
        - Monitor Sessions
        - Session Actions
      summary: Resume a Suspended Session
      description: "The system will resume the suspended active session and allow the privileged user to continue working.\n\nFor more information on configuration, see [Active session monitoring settings](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Configuring-Live-Session-Monitoring.htm#ActiveSessionMonitoringSettings)."
      operationId: resumeASuspendedSession
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties: {}
            example: {}
      responses:
        "200":
          description: ""
    parameters:
      - name: LiveSessionID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/LiveSessions/{LiveSessionID}/Suspend":
    post:
      tags:
        - Monitor Sessions
        - Session Actions
      summary: Suspend an Active Session
      description: "The system will prevent a user from interacting with an active session until a security manager resumes it. This allows security teams to review the potentially risky session's audit trail to determine whether to allow the privileged user to continue their work.\n\nFor more information on configuration, see [Active session monitoring settings](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Configuring-Live-Session-Monitoring.htm#ActiveSessionMonitoringSettings)."
      operationId: suspendAnActiveSession
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties: {}
            example: {}
      responses:
        "200":
          description: ""
    parameters:
      - name: LiveSessionID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/LiveSessions/{LiveSessionID}/Terminate":
    post:
      tags:
        - Monitor Sessions
        - Session Actions
      summary: Terminate an Active Session
      description: "This method enables the system to terminate an active PSM session immediately to prevent high-risk activities. For more information on configuration, see [Active session monitoring settings](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Configuring-Live-Session-Monitoring.htm#ActiveSessionMonitoringSettings)."
      operationId: terminateAnActiveSession
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties: {}
            example: {}
      responses:
        "200":
          description: ""
    parameters:
      - name: LiveSessionID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/LiveSessions/{LiveSessionID}/activities":
    get:
      tags:
        - Monitor Sessions
      summary: Get Live Session Activities
      description: This method returns details of live sessions.
      operationId: getLiveSessionActivities
      responses:
        "200":
          description: ""
    parameters:
      - name: LiveSessionID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/LiveSessions/{LiveSessionID}/properties":
    get:
      tags:
        - Monitor Sessions
      summary: Get Live Session Properties
      description: This method returns details of live sessions.
      operationId: getLiveSessionProperties
      responses:
        "200":
          description: ""
    parameters:
      - name: LiveSessionID
        in: path
        required: true
        schema:
          type: string
  /PasswordVault/API/MyRequests:
    get:
      tags:
        - Requests
        - My Requests
      summary: Get My Requests
      description: "This method returns a list of the end user's requests."
      operationId: getMyRequests
      parameters:
        - name: onlywaiting
          in: query
          schema:
            type: string
            example: "false"
        - name: expired
          in: query
          schema:
            type: string
            example: "false"
      responses:
        "200":
          description: ""
    post:
      tags:
        - Requests
        - My Requests
      summary: Create a Request
      description: This method creates an access request for a specific account. This account may be either a password account or an SSH Key account.
      operationId: createARequest
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                AccountID:
                  type: string
                  example: "{{AccountID}}"
                Reason:
                  type: string
                  example: Access requested via CyberArk Web Services
                TicketingSystemName:
                  type: string
                  example: ServiceNow
            example:
              AccountID: "{{AccountID}}"
              Reason: Access requested via CyberArk Web Services
              TicketingSystemName: ServiceNow
      responses:
        "200":
          description: ""
  "/PasswordVault/API/MyRequests/{RequestID}":
    get:
      tags:
        - Requests
        - My Requests
      summary: Get Details of My Requests
      description: This method returns details of all the requests in My Requests list.
      operationId: getDetailsOfMyRequests
      responses:
        "200":
          description: ""
    delete:
      tags:
        - Requests
        - My Requests
      summary: Delete My Request
      description: This method deletes a request made by a user.
      operationId: deleteMyRequest
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties: {}
            example: {}
      responses:
        "200":
          description: ""
    parameters:
      - name: RequestID
        in: path
        required: true
        schema:
          type: string
  /PasswordVault/API/PSM/Connectors:
    get:
      tags:
        - Session Management
      summary: Get All Connection Components
      description: This method allows Vault admins to get the list of all connection components of an entire environment.
      operationId: getAllConnectionComponents
      responses:
        "200":
          description: 200 OK
          headers:
            Access-Control-Expose-Headers:
              schema:
                type: string
                example: Warning
            Cache-Control:
              schema:
                type: string
                example: "no-cache,no-store, no-cache, must-revalidate"
            Content-Length:
              schema:
                type: string
                example: "1468"
            Date:
              schema:
                type: string
                example: "Thu, 24 Sep 2020 00:54:41 GMT"
            Expires:
              schema:
                type: string
                example: "-1"
            Pragma:
              schema:
                type: string
                example: "no-cache,no-cache"
            Set-Cookie:
              schema:
                type: string
                example: mobileState=Desktop; path=/PasswordVault/; SameSite=None; secure; HttpOnly
            Strict-Transport-Security:
              schema:
                type: string
                example: max-age=31536000; includeSubDomains
            X-Content-Type-Options:
              schema:
                type: string
                example: nosniff
            X-FRAME-Options:
              schema:
                type: string
                example: SAMEORIGIN
            X-UA-Compatible:
              schema:
                type: string
                example: IE=EmulateIE8
            X-XSS-Protection:
              schema:
                type: string
                example: 1; mode=block
          content:
            application/json:
              schema:
                type: object
                properties:
                  PSMConnectors:
                    type: array
                    items:
                      type: object
                      properties:
                        DisplayName:
                          type: string
                          example: ""
                        ID:
                          type: string
                          example: SSH
                    example:
                      - DisplayName: ""
                        ID: SSH
                      - DisplayName: ""
                        ID: RDP
                      - DisplayName: ""
                        ID: PuTTY
                      - DisplayName: ""
                        ID: RDPapplet-Sample
                      - DisplayName: ""
                        ID: RDPWinApplet
                      - DisplayName: ""
                        ID: WebConnection
                      - DisplayName: ""
                        ID: PSM-RDP
                      - DisplayName: ""
                        ID: PSM-SSH
                      - DisplayName: ""
                        ID: PSM-Telnet-Sample
                      - DisplayName: ""
                        ID: PSM-TOAD
                      - DisplayName: ""
                        ID: PSM-SQLPlus
                      - DisplayName: ""
                        ID: PSM-VSPHERE
                      - DisplayName: ""
                        ID: PSM-AS400
                      - DisplayName: ""
                        ID: PSM-OS390
                      - DisplayName: ""
                        ID: PSM-SQLServerMgmtStudio
                      - DisplayName: ""
                        ID: PSM-WebFormSample
                      - DisplayName: SQL Server Mgmt Studio
                        ID: PSM-SQLServerMgmtStudio-Win
                      - DisplayName: CyberArk Password Vault Web Application v9
                        ID: PSM-PVWA
                      - DisplayName: ""
                        ID: PSM-PrivateArkClient
                      - DisplayName: ""
                        ID: PSM-VNCClientSample
                      - DisplayName: ""
                        ID: PSM-VNCClientSample-AutoDeployed
                      - DisplayName: AWS Console with STS
                        ID: PSM-AWSConsoleWithSTS
                      - DisplayName: ""
                        ID: PSM-WinSCP
                      - DisplayName: CyberArk PTA
                        ID: PSM-PTA
                      - DisplayName: ""
                        ID: PSM-WebAppSample
                      - DisplayName: Microsoft Azure Portal
                        ID: PSM-MS-AzurePortal
                      - DisplayName: VMWare vSphere Web
                        ID: PSM-VSPHERE-Web
                      - DisplayName: CyberArk Password Vault Web Application v10
                        ID: PSM-PVWA-v10
                      - DisplayName: ""
                        ID: PSM-SAPGUI
                      - DisplayName: SQL Server Mgmt Studio Database
                        ID: PSM-SQLServerMgmtStudio-Database
                  Total:
                    type: number
                    example: 30
              examples:
                200 OK:
                  value:
                    PSMConnectors:
                      - DisplayName: ""
                        ID: SSH
                      - DisplayName: ""
                        ID: RDP
                      - DisplayName: ""
                        ID: PuTTY
                      - DisplayName: ""
                        ID: RDPapplet-Sample
                      - DisplayName: ""
                        ID: RDPWinApplet
                      - DisplayName: ""
                        ID: WebConnection
                      - DisplayName: ""
                        ID: PSM-RDP
                      - DisplayName: ""
                        ID: PSM-SSH
                      - DisplayName: ""
                        ID: PSM-Telnet-Sample
                      - DisplayName: ""
                        ID: PSM-TOAD
                      - DisplayName: ""
                        ID: PSM-SQLPlus
                      - DisplayName: ""
                        ID: PSM-VSPHERE
                      - DisplayName: ""
                        ID: PSM-AS400
                      - DisplayName: ""
                        ID: PSM-OS390
                      - DisplayName: ""
                        ID: PSM-SQLServerMgmtStudio
                      - DisplayName: ""
                        ID: PSM-WebFormSample
                      - DisplayName: SQL Server Mgmt Studio
                        ID: PSM-SQLServerMgmtStudio-Win
                      - DisplayName: CyberArk Password Vault Web Application v9
                        ID: PSM-PVWA
                      - DisplayName: ""
                        ID: PSM-PrivateArkClient
                      - DisplayName: ""
                        ID: PSM-VNCClientSample
                      - DisplayName: ""
                        ID: PSM-VNCClientSample-AutoDeployed
                      - DisplayName: AWS Console with STS
                        ID: PSM-AWSConsoleWithSTS
                      - DisplayName: ""
                        ID: PSM-WinSCP
                      - DisplayName: CyberArk PTA
                        ID: PSM-PTA
                      - DisplayName: ""
                        ID: PSM-WebAppSample
                      - DisplayName: Microsoft Azure Portal
                        ID: PSM-MS-AzurePortal
                      - DisplayName: VMWare vSphere Web
                        ID: PSM-VSPHERE-Web
                      - DisplayName: CyberArk Password Vault Web Application v10
                        ID: PSM-PVWA-v10
                      - DisplayName: ""
                        ID: PSM-SAPGUI
                      - DisplayName: SQL Server Mgmt Studio Database
                        ID: PSM-SQLServerMgmtStudio-Database
                    Total: 30
  /PasswordVault/API/PSM/Servers:
    get:
      tags:
        - Session Management
      summary: Get All PSM Servers
      description: This method allows Vault admins to get a list of all PSM servers defined for an environment.
      operationId: getAllPsmServers
      responses:
        "200":
          description: 200 OK
          headers:
            Access-Control-Expose-Headers:
              schema:
                type: string
                example: Warning
            Cache-Control:
              schema:
                type: string
                example: "no-cache,no-store, no-cache, must-revalidate"
            Content-Length:
              schema:
                type: string
                example: "197"
            Date:
              schema:
                type: string
                example: "Thu, 24 Sep 2020 00:55:48 GMT"
            Expires:
              schema:
                type: string
                example: "-1"
            Pragma:
              schema:
                type: string
                example: "no-cache,no-cache"
            Set-Cookie:
              schema:
                type: string
                example: mobileState=Desktop; path=/PasswordVault/; SameSite=None; secure; HttpOnly
            Strict-Transport-Security:
              schema:
                type: string
                example: max-age=31536000; includeSubDomains
            X-Content-Type-Options:
              schema:
                type: string
                example: nosniff
            X-FRAME-Options:
              schema:
                type: string
                example: SAMEORIGIN
            X-UA-Compatible:
              schema:
                type: string
                example: IE=EmulateIE8
            X-XSS-Protection:
              schema:
                type: string
                example: 1; mode=block
          content:
            application/json:
              schema:
                type: object
                properties:
                  PSMServers:
                    type: array
                    items:
                      type: object
                      properties:
                        Address:
                          type: string
                          example: 54.88.213.184
                        ID:
                          type: string
                          example: PSMServer_a91999c
                        Name:
                          type: string
                          example: PSM Server on PASAAS-PVWA
                    example:
                      - Address: 54.88.213.184
                        ID: PSMServer_a91999c
                        Name: PSM Server on PASAAS-PVWA
                      - Address: psm.joegarcia.dev
                        ID: PSMServer
                        Name: PSM Server on PASAAS-PSM
                  Total:
                    type: number
                    example: 2
              examples:
                200 OK:
                  value:
                    PSMServers:
                      - Address: 54.88.213.184
                        ID: PSMServer_a91999c
                        Name: PSM Server on PASAAS-PVWA
                      - Address: psm.joegarcia.dev
                        ID: PSMServer
                        Name: PSM Server on PASAAS-PSM
                    Total: 2
  /PasswordVault/API/Platforms:
    get:
      tags:
        - Platforms
      summary: Get Platforms
      description: "This method returns all existing account platforms from the Vault.\n\nYou can use filters to retrieve a subset of the platforms or search for a specific platform. For details, see URL parameters.\n\n**Note:** The [Get Platform Details](#585553e8-dea9-4617-9313-297aac8d7273) API, used to retrieve details for a specific platform, returns a different set of parameters."
      operationId: getPlatforms
      parameters:
        - name: Active
          in: query
          schema:
            type: string
            example: "true"
          description: "Filter according to whether the platform is active or not. Valid values: true or false"
        - name: PlatformType
          in: query
          schema:
            type: string
            example: Regular
          description: "Filter according to the platform type. Valid values: Group or Regular"
        - name: PlatformName
          in: query
          schema:
            type: string
            example: string
          description: Searching according to the platform name.
      responses:
        "200":
          description: ""
  "/PasswordVault/API/Platforms/Targets/{PlatformName}/PrivilegedSessionManagement":
    get:
      tags:
        - Session Management
      summary: Get Session Management Policy of Platform
      description: This method allows Vault admins to retrieve the PSM Policy Section of a target platform.
      operationId: getSessionManagementPolicyOfPlatform
      responses:
        "200":
          description: ""
        "400":
          description: 400 Bad Request
          headers:
            Access-Control-Expose-Headers:
              schema:
                type: string
                example: Warning
            Cache-Control:
              schema:
                type: string
                example: "no-cache,no-store, no-cache, must-revalidate"
            Content-Length:
              schema:
                type: string
                example: "197"
            Date:
              schema:
                type: string
                example: "Thu, 24 Sep 2020 00:57:16 GMT"
            Expires:
              schema:
                type: string
                example: "-1"
            Pragma:
              schema:
                type: string
                example: "no-cache,no-cache"
            Set-Cookie:
              schema:
                type: string
                example: mobileState=Desktop; path=/PasswordVault/; SameSite=None; secure; HttpOnly
            Strict-Transport-Security:
              schema:
                type: string
                example: max-age=31536000; includeSubDomains
            X-Content-Type-Options:
              schema:
                type: string
                example: nosniff
            X-FRAME-Options:
              schema:
                type: string
                example: SAMEORIGIN
            X-UA-Compatible:
              schema:
                type: string
                example: IE=EmulateIE8
            X-XSS-Protection:
              schema:
                type: string
                example: 1; mode=block
          content:
            application/json:
              schema:
                type: object
                properties:
                  Details:
                    type: array
                    items:
                      type: object
                      properties:
                        ErrorCode:
                          type: string
                          example: ""
                        ErrorMessage:
                          type: string
                          example: "The value 'WinDomain' is not valid for Int64."
                        ParameterName:
                          type: string
                          example: platformID
                    example:
                      - ErrorCode: ""
                        ErrorMessage: "The value 'WinDomain' is not valid for Int64."
                        ParameterName: platformID
                  ErrorCode:
                    type: string
                    example: PASWS167E
                  ErrorMessage:
                    type: string
                    example: There are some invalid parameters
              examples:
                400 Bad Request:
                  value:
                    Details:
                      - ErrorCode: ""
                        ErrorMessage: "The value 'WinDomain' is not valid for Int64."
                        ParameterName: platformID
                    ErrorCode: PASWS167E
                    ErrorMessage: There are some invalid parameters
    parameters:
      - name: PlatformName
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/API/Platforms/{PlatformName}":
    get:
      tags:
        - Platforms
      summary: Get Platform Details
      description: This method retrieves details of a specified platform from the Vault.
operationId: getPlatformDetails | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "1419" | |
Date: | |
schema: | |
type: string | |
example: "Sun, 11 Nov 2018 21:08:20 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/10.0 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
Active: | |
type: boolean | |
example: true | |
Details: | |
type: object | |
properties: | |
AllowManualChange: | |
type: string | |
example: "Yes" | |
AllowedSafes: | |
type: string | |
example: ".*" | |
ChangeNotificationPeriod: | |
type: string | |
example: "-1" | |
DaysNotifyPriorExpiration: | |
type: string | |
example: "7" | |
DllName: | |
type: string | |
example: PMWindows.dll | |
ExpirationPeriod: | |
type: string | |
example: "90" | |
FromHour: | |
type: string | |
example: "-1" | |
HeadStartInterval: | |
type: string | |
example: "5" | |
ImmediateInterval: | |
type: string | |
example: "5" | |
Interval: | |
type: string | |
example: "1440" | |
MaxConcurrentConnections: | |
type: string | |
example: "3" | |
MaximumRetries: | |
type: string | |
example: "5" | |
MinDelayBetweenRetries: | |
type: string | |
example: "90" | |
MinDigit: | |
type: string | |
example: "1" | |
MinLowerCase: | |
type: string | |
example: "2" | |
MinSpecial: | |
type: string | |
example: "1" | |
MinUpperCase: | |
type: string | |
example: "2" | |
MinValidityPeriod: | |
type: string | |
example: "60" | |
NFNotifyOnPasswordDisable: | |
type: string | |
example: "Yes" | |
NFNotifyOnPasswordUsed: | |
type: string | |
example: "No" | |
NFNotifyOnVerificationErrors: | |
type: string | |
example: "Yes" | |
NFNotifyPriorExpiration: | |
type: string | |
example: "No" | |
NFOnPasswordDisableRecipients: | |
type: string | |
example: "" | |
NFOnPasswordUsedRecipients: | |
type: string | |
example: "" | |
NFOnVerificationErrorsRecipients: | |
type: string | |
example: "" | |
NFPriorExpirationRecipients: | |
type: string | |
example: "" | |
OneTimePassword: | |
type: string | |
example: "False" | |
PasswordLength: | |
type: string | |
example: "8" | |
PasswordLevelRequestTimeframe: | |
type: string | |
example: "False" | |
PerformPeriodicChange: | |
type: string | |
example: "No" | |
PolicyID: | |
type: string | |
example: WinDomain | |
PolicyName: | |
type: string | |
example: Windows Domain Account | |
PolicyType: | |
type: string | |
example: regular | |
RCAllowManualReconciliation: | |
type: string | |
example: "Yes" | |
RCAutomaticReconcileWhenUnsynched: | |
type: string | |
example: "No" | |
RCFromHour: | |
type: string | |
example: "-1" | |
RCReconcileReasons: | |
type: string | |
example: "2114,2115,2106,2101" | |
RCToHour: | |
type: string | |
example: "-1" | |
ResetOveridesMinValidity: | |
type: string | |
example: "yes" | |
ResetOveridesTimeFrame: | |
type: string | |
example: "yes" | |
SearchForUsages: | |
type: string | |
example: "Yes" | |
Timeout: | |
type: string | |
example: "30" | |
ToHour: | |
type: string | |
example: "-1" | |
UnlockIfFail: | |
type: string | |
example: "no" | |
UnrecoverableErrors: | |
type: string | |
example: "2103,2105,2121" | |
VFAllowManualVerification: | |
type: string | |
example: "Yes" | |
VFFromHour: | |
type: string | |
example: "-1" | |
VFPerformPeriodicVerification: | |
type: string | |
example: "No" | |
VFToHour: | |
type: string | |
example: "-1" | |
VFVerificationPeriod: | |
type: string | |
example: "7" | |
XMLFile: | |
type: string | |
example: "yes" | |
PlatformID: | |
type: string | |
example: WinDomain | |
examples: | |
200 OK: | |
value: | |
Active: true | |
Details: | |
AllowManualChange: "Yes" | |
AllowedSafes: ".*" | |
ChangeNotificationPeriod: "-1" | |
DaysNotifyPriorExpiration: "7" | |
DllName: PMWindows.dll | |
ExpirationPeriod: "90" | |
FromHour: "-1" | |
HeadStartInterval: "5" | |
ImmediateInterval: "5" | |
Interval: "1440" | |
MaxConcurrentConnections: "3" | |
MaximumRetries: "5" | |
MinDelayBetweenRetries: "90" | |
MinDigit: "1" | |
MinLowerCase: "2" | |
MinSpecial: "1" | |
MinUpperCase: "2" | |
MinValidityPeriod: "60" | |
NFNotifyOnPasswordDisable: "Yes" | |
NFNotifyOnPasswordUsed: "No" | |
NFNotifyOnVerificationErrors: "Yes" | |
NFNotifyPriorExpiration: "No" | |
NFOnPasswordDisableRecipients: "" | |
NFOnPasswordUsedRecipients: "" | |
NFOnVerificationErrorsRecipients: "" | |
NFPriorExpirationRecipients: "" | |
OneTimePassword: "False" | |
PasswordLength: "8" | |
PasswordLevelRequestTimeframe: "False" | |
PerformPeriodicChange: "No" | |
PolicyID: WinDomain | |
PolicyName: Windows Domain Account | |
PolicyType: regular | |
RCAllowManualReconciliation: "Yes" | |
RCAutomaticReconcileWhenUnsynched: "No" | |
RCFromHour: "-1" | |
RCReconcileReasons: "2114,2115,2106,2101" | |
RCToHour: "-1" | |
ResetOveridesMinValidity: "yes" | |
ResetOveridesTimeFrame: "yes" | |
SearchForUsages: "Yes" | |
Timeout: "30" | |
ToHour: "-1" | |
UnlockIfFail: "no" | |
UnrecoverableErrors: "2103,2105,2121" | |
VFAllowManualVerification: "Yes" | |
VFFromHour: "-1" | |
VFPerformPeriodicVerification: "No" | |
VFToHour: "-1" | |
VFVerificationPeriod: "7" | |
XMLFile: "yes" | |
PlatformID: WinDomain | |
parameters: | |
- name: PlatformName | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/API/Platforms/{PlatformName}/Export": | |
post: | |
tags: | |
- Platforms | |
summary: Export Platform | |
description: "If testing this in the Postman application, click the \"Download\" button after receiving the zip file stream to download the ZIP file locally." | |
operationId: exportPlatform | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache,no-store, no-cache, must-revalidate" | |
Content-Disposition: | |
schema: | |
type: string | |
example: attachment; filename=WinDomain.zip | |
Content-Length: | |
schema: | |
type: string | |
example: "2498" | |
Date: | |
schema: | |
type: string | |
example: "Sun, 11 Nov 2018 21:10:06 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: "no-cache,no-cache" | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/10.0 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
text/plain: | |
schema: | |
type: string | |
examples: | |
200 OK: | |
value: "trimmed" | |
parameters: | |
- name: PlatformName | |
in: path | |
required: true | |
schema: | |
type: string | |
/PasswordVault/API/Recordings: | |
get: | |
tags: | |
- Monitor Sessions | |
- Recordings | |
summary: Get Recordings | |
description: "This method returns the details of recordings of PSM, PSMP or OPM sessions." | |
operationId: getRecordings | |
parameters: | |
- name: Limit | |
in: query | |
schema: | |
type: string | |
example: "25" | |
- name: Sort | |
in: query | |
schema: | |
type: string | |
example: RiskScore | |
- name: Offset | |
in: query | |
schema: | |
type: string | |
example: "0" | |
- name: Search | |
in: query | |
schema: | |
type: string | |
example: adm_domain | |
- name: Safe | |
in: query | |
schema: | |
type: string | |
example: "{{Safe}}" | |
- name: FromTime | |
in: query | |
schema: | |
type: string | |
example: "1514808001" | |
- name: ToTime | |
in: query | |
schema: | |
type: string | |
example: "1515326399" | |
- name: Activities | |
in: query | |
schema: | |
type: string | |
example: regedit | |
responses: | |
"200": | |
description: "" | |
"/PasswordVault/API/Recordings/{RecordingsID}": | |
get: | |
tags: | |
- Monitor Sessions | |
- Recordings | |
summary: Get Recording Details | |
description: "This method returns the details of recordings of PSM, PSMP or OPM sessions." | |
operationId: getRecordingDetails | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: RecordingsID | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/API/Recordings/{RecordingsID}/activities": | |
get: | |
tags: | |
- Monitor Sessions | |
- Recordings | |
summary: Get Recording Activities | |
description: "This method returns the details of recordings of PSM, PSMP or OPM sessions." | |
operationId: getRecordingActivities | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: RecordingsID | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/API/Recordings/{RecordingsID}/properties": | |
get: | |
tags: | |
- Monitor Sessions | |
- Recordings | |
summary: Get Recording Properties | |
description: "This method returns the details of recordings of PSM, PSMP or OPM sessions." | |
operationId: getRecordingProperties | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: RecordingsID | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/API/Safes/{Safe}/AccountGroups": | |
get: | |
tags: | |
- Safes | |
summary: Get Safe Account Groups | |
description: "This method returns all the existing account groups in a specific Safe. The user performing this task must have the following permissions in the Safe:\n\n* Add accounts\n* Update account content\n* Update account properties\n* Create folders" | |
operationId: getSafeAccountGroups | |
responses: | |
"200": | |
description: 200 OK (No Account Groups) | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "2" | |
Date: | |
schema: | |
type: string | |
example: "Sun, 11 Nov 2018 21:20:34 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/10.0 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: array | |
items: {} | |
example: [] | |
examples: | |
200 OK (No Account Groups): | |
value: [] | |
parameters: | |
- name: Safe | |
in: path | |
required: true | |
schema: | |
type: string | |
/PasswordVault/API/auth/SAML/Logon: | |
post: | |
tags: | |
- Authentication | |
- v2 API123 | |
- SAML Authentication | |
summary: Logon | |
description: "This method authenticates a user to the Vault using SAML authentication and returns a token that can be used in subsequent web services calls.\n\n[Example PowerShell Code is available here](https://gist.github.com/infamousjoeg/b44faa299ec3de65bdd1d3b8474b0649)" | |
operationId: logon | |
parameters: | |
- name: concurrentSession | |
in: query | |
schema: | |
type: string | |
example: "false" | |
description: Boolean value | |
- name: apiUse | |
in: query | |
schema: | |
type: string | |
example: "true" | |
description: Should never be false
- name: SAMLResponse | |
in: query | |
schema: | |
type: string | |
example: "{{SAMLToken}}" | |
requestBody: | |
content: | |
text/plain: | |
schema: | |
type: string | |
example: "" | |
responses: | |
"200": | |
description: "" | |
/PasswordVault/API/auth/Windows/Logon: | |
post: | |
tags: | |
- Authentication | |
- v2 API123 | |
summary: Logon - Windows Authentication | |
description: "This method authenticates a user to the Vault and returns a token that can be used in subsequent web services calls. In addition, this method enables you to set a new password." | |
operationId: logonWindowsAuthentication | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
concurrentSessions: | |
type: string | |
example: "false" | |
password: | |
type: string | |
example: "{{apiPassword}}" | |
username: | |
type: string | |
example: "{{apiUsername}}" | |
example: | |
concurrentSessions: "false" | |
password: "{{apiPassword}}" | |
username: "{{apiUsername}}" | |
responses: | |
"200": | |
description: "" | |
/PasswordVault/API/pta/API/Events/: | |
get: | |
tags: | |
- Privileged Threat Analytics (PTA) | |
- Security Events | |
summary: Get Security Events | |
description: This method returns all PTA Security Events. | |
operationId: getSecurityEvents | |
responses: | |
"200": | |
description: "" | |
"/PasswordVault/API/pta/API/Events/{ptaSecurityEventID}": | |
patch: | |
tags: | |
- Privileged Threat Analytics (PTA) | |
- Security Events | |
summary: Update Security Event | |
description: This method updates the status of a security event to open or closed. | |
operationId: updateSecurityEvent | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
mStatus: | |
type: string | |
example: "<OPEN/CLOSED>" | |
example: | |
mStatus: "<OPEN/CLOSED>" | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: ptaSecurityEventID | |
in: path | |
required: true | |
schema: | |
type: string | |
/PasswordVault/API/pta/API/Settings: | |
get: | |
tags: | |
- Privileged Threat Analytics (PTA) | |
- Security Events | |
summary: Get Security Settings | |
description: This method returns the risky activity rules and automatic remediation settings of the PTA Server configuration.
operationId: getSecuritySettings | |
responses: | |
"200": | |
description: "" | |
/PasswordVault/API/pta/API/Settings/AutomaticRemediations/: | |
patch: | |
tags: | |
- Privileged Threat Analytics (PTA) | |
- Security Events | |
summary: Update Security Remediation Settings | |
description: This method updates the automatic remediation properties in the PTA server configuration. | |
operationId: updateSecurityRemediationSettings | |
responses: | |
"200": | |
description: "" | |
/PasswordVault/API/pta/API/Settings/RiskyActivity/: | |
put: | |
tags: | |
- Privileged Threat Analytics (PTA) | |
- Security Events | |
summary: Update Risky Commands Rule | |
description: This method updates an existing Risky Activity rule in the PTA server configuration. | |
operationId: updateRiskyCommandsRule | |
requestBody: | |
content: | |
text/plain: | |
schema: | |
type: string | |
example: "{\n\t\"id\": \"0\", \n\t\"category\": \"KEYSTROKES\",\n\t\"regex\": \"(.*)netsh(.*)wlan(.*)key=clear(.*)\", \n\t\"score\": 40, \n\t\"description\": \"Indication of a privileged user using a decoding command in clear text to retrieve a WIFI password.\", \n\t\"response\": \"NONE\", \n\t\"active\": true,\n\t\"scope\": { \n\t\t\"vaultUsers\": {\n\t\t\t\"mode\":\"EXCLUDE\",\n\t\t\t\"list\":[\"anna\"]\n\t\t}, \n\t\t\"machines\": {\n\t\t\t\"mode\":\"include\",\n\t\t\t\"list\":[\"*\"]\n\t\t} \n\t}\n}"
responses: | |
"200": | |
description: "" | |
post: | |
tags: | |
- Privileged Threat Analytics (PTA) | |
- Security Events | |
summary: Add Risky Commands Rule | |
description: This method adds a new Risky Activity rule in the PTA server configuration. | |
operationId: addRiskyCommandsRule | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
active: | |
type: boolean | |
example: true | |
category: | |
type: string | |
example: KEYSTROKES | |
description: | |
type: string | |
example: Indication of a privileged user using a decoding command in clear text to retrieve a WIFI password. | |
regex: | |
type: string | |
example: (.*)netsh(.*)wlan(.*)key=clear(.*) | |
response: | |
type: string | |
example: NONE | |
scope: | |
type: object | |
properties: | |
machines: | |
type: object | |
properties: | |
list: | |
type: array | |
items: | |
type: string | |
example: "*" | |
example: | |
- "*" | |
mode: | |
type: string | |
example: INCLUDE | |
vaultUsers: | |
type: object | |
properties: | |
list: | |
type: array | |
items: | |
type: string | |
example: john* | |
example: | |
- john* | |
mode: | |
type: string | |
example: EXCLUDE | |
score: | |
type: number | |
example: 40 | |
example: | |
active: true | |
category: KEYSTROKES | |
description: Indication of a privileged user using a decoding command in clear text to retrieve a WIFI password. | |
regex: (.*)netsh(.*)wlan(.*)key=clear(.*) | |
response: NONE | |
scope: | |
machines: | |
list: | |
- "*" | |
mode: INCLUDE | |
vaultUsers: | |
list: | |
- john* | |
mode: EXCLUDE | |
score: 40 | |
responses: | |
"200": | |
description: "" | |
/PasswordVault/WebServices/PIMServices.svc/Account: | |
post: | |
tags: | |
- Accounts | |
- v1 API | |
summary: "Add Account [v9.0+]" | |
description: This method adds a new privileged account to the Vault. | |
operationId: addAccountV90 | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
account: | |
type: object | |
properties: | |
accountName: | |
type: string | |
example: AccountName | |
address: | |
type: string | |
example: "{{Address}}" | |
disableAutoMgmt: | |
type: string | |
example: "false" | |
disableAutoMgmtReason: | |
type: string | |
example: N/A | |
groupName: | |
type: string | |
example: "" | |
groupPlatformID: | |
type: string | |
example: "" | |
password: | |
type: string | |
example: Password123 | |
platformID: | |
type: string | |
example: WinDomain | |
properties: | |
type: array | |
items: | |
type: object | |
properties: | |
Key: | |
type: string | |
example: Port | |
Value: | |
type: string | |
example: "<port>" | |
example: | |
- Key: Port | |
Value: "<port>" | |
- Key: ParamName | |
Value: Parameter value | |
safe: | |
type: string | |
example: "{{Safe}}" | |
username: | |
type: string | |
example: "{{UserName}}" | |
example: | |
account: | |
accountName: AccountName | |
address: "{{Address}}" | |
disableAutoMgmt: "false" | |
disableAutoMgmtReason: N/A | |
groupName: "" | |
groupPlatformID: "" | |
password: Password123 | |
platformID: WinDomain | |
properties: | |
- Key: Port | |
Value: "<port>" | |
- Key: ParamName | |
Value: Parameter value | |
safe: "{{Safe}}" | |
username: "{{UserName}}" | |
responses: | |
"200": | |
description: "" | |
# "/PasswordVault/WebServices/PIMServices.svc/Account/{ACLAddress|ACLUserName|ACLPolicyID}/PrivilegedCommands": | |
# get: | |
# tags: | |
# - OPM Commands | |
# - Account | |
# summary: List Account/ACL | |
# description: This method gets a list of the privileged commands (OPM rules) associated with this account. | |
# operationId: listAccountAcl | |
# responses: | |
# "200": | |
# description: "" | |
# "500": | |
# description: 500 Internal Server Error (ACLAddress Required) | |
# headers: | |
# CA-ErrorMessage: | |
# schema: | |
# type: string | |
# example: Input parameter AccountAddress is obligatory. Please fix it and try again. | |
# CA-ErrorMessageBase64Encoded: | |
# schema: | |
# type: string | |
# example: SW5wdXQgcGFyYW1ldGVyIEFjY291bnRBZGRyZXNzIGlzIG9ibGlnYXRvcnkuIFBsZWFzZSBmaXggaXQgYW5kIHRyeSBhZ2Fpbi4= | |
# Cache-Control: | |
# schema: | |
# type: string | |
# example: "no-cache, no-store, must-revalidate" | |
# Content-Length: | |
# schema: | |
# type: string | |
# example: "118" | |
# Date: | |
# schema: | |
# type: string | |
# example: "Mon, 05 Jun 2017 21:08:01 GMT" | |
# Expires: | |
# schema: | |
# type: string | |
# example: "-1" | |
# Pragma: | |
# schema: | |
# type: string | |
# example: no-cache | |
# Server: | |
# schema: | |
# type: string | |
# example: Microsoft-IIS/8.5 | |
# Set-Cookie: | |
# schema: | |
# type: string | |
# example: mobileState=Desktop; path=/PasswordVault/; HttpOnly | |
# X-Frame-Options: | |
# schema: | |
# type: string | |
# example: SAMEORIGIN | |
# X-UA-Compatible: | |
# schema: | |
# type: string | |
# example: IE=EmulateIE8 | |
# content: | |
# application/json: | |
# schema: | |
# type: object | |
# properties: | |
# ErrorCode: | |
# type: string | |
# example: CAWS00001E | |
# ErrorMessage: | |
# type: string | |
# example: Input parameter AccountAddress is obligatory. Please fix it and try again. | |
# examples: | |
# 500 Internal Server Error (ACLAddress Required): | |
# value: | |
# ErrorCode: CAWS00001E | |
# ErrorMessage: Input parameter AccountAddress is obligatory. Please fix it and try again. | |
# put: | |
# tags: | |
# - OPM Commands | |
# - Account | |
# summary: Add Account/ACL | |
# description: This method adds a new privileged command rule to the account. | |
# operationId: addAccountAcl | |
# requestBody: | |
# content: | |
# application/json: | |
# schema: | |
# type: object | |
# properties: | |
# Command: | |
# type: string | |
# example: /bin/sh | |
# CommandGroup: | |
# type: boolean | |
# example: false | |
# PermissionType: | |
# type: string | |
# example: Deny | |
# Restrictions: | |
# type: string | |
# example: "" | |
# UserName: | |
# type: string | |
# example: "*" | |
# example: | |
# Command: /bin/sh | |
# CommandGroup: false | |
# PermissionType: Deny | |
# Restrictions: "" | |
# UserName: "*" | |
# responses: | |
# "200": | |
# description: "" | |
# parameters: | |
# - name: ACLAddress | |
# in: path | |
# required: true | |
# schema: | |
# type: string | |
# - name: ACLUserName | |
# in: path | |
# required: true | |
# schema: | |
# type: string | |
# - name: ACLPolicyID | |
# in: path | |
# required: true | |
# schema: | |
# type: string | |
# "/PasswordVault/WebServices/PIMServices.svc/Account/{ACLAddress}|{ACLUserName}|{ACLPolicyID}/PrivilegedCommands/": | |
# delete: | |
# tags: | |
# - OPM Commands | |
# - Account | |
# summary: Delete Account/ACL | |
# description: This method deletes privileged commands rules associated with the account. | |
# operationId: deleteAccountAcl | |
# parameters: | |
# - name: id | |
# in: query | |
# schema: | |
# type: string | |
# example: "1" | |
# requestBody: | |
# content: | |
# application/octet-stream: {} | |
# responses: | |
# "200": | |
# description: "" | |
# parameters: | |
# - name: ACLAddress | |
# in: path | |
# required: true | |
# schema: | |
# type: string | |
# - name: ACLUserName | |
# in: path | |
# required: true | |
# schema: | |
# type: string | |
# - name: ACLPolicyID | |
# in: path | |
# required: true | |
# schema: | |
# type: string | |
/PasswordVault/WebServices/PIMServices.svc/Accounts: | |
get: | |
tags: | |
- Accounts | |
- v1 API | |
summary: "Get Account Details [v9.3+]" | |
description: "This method returns information about an account. If more than one account meets the search criteria, only the first account will be returned, although the Count output parameter will display the number of accounts that were found.\r\nOnly the following users can access this account:\r\n- Users who are members of the Safe where the account is stored.\r\n- Users who have access to this specific account. For more information about object level access control, refer to Object Level Access Control in the Privileged Account Security Implementation Guide.\r\n- The user who runs this web service requires the following permission in the Safe:\r\n - List accounts\r\nNotes:\r\n- This method does not display the actual password.\r\n- If ten or more accounts are found, the Count Output parameter will show 10." | |
operationId: getAccountDetailsV93 | |
parameters: | |
- name: Keywords | |
in: query | |
schema: | |
type: string | |
example: "{{Keywords}}" | |
- name: Safe | |
in: query | |
schema: | |
type: string | |
example: "{{Safe}}" | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "697" | |
Date: | |
schema: | |
type: string | |
example: "Mon, 05 Jun 2017 17:48:52 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/8.5 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; HttpOnly | |
X-Frame-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
Count: | |
type: number | |
example: 1 | |
accounts: | |
type: array | |
items: | |
type: object | |
properties: | |
AccountID: | |
type: string | |
example: "41_4" | |
InternalProperties: | |
type: array | |
items: | |
type: object | |
properties: | |
Key: | |
type: string | |
example: CPMStatus | |
Value: | |
type: string | |
example: success | |
example: | |
- Key: CPMStatus | |
Value: success | |
- Key: CreationMethod | |
Value: PVWA | |
- Key: RetriesCount | |
Value: "-1" | |
- Key: LastTask | |
Value: VerifyTask | |
Properties: | |
type: array | |
items: | |
type: object | |
properties: | |
Key: | |
type: string | |
example: Safe | |
Value: | |
type: string | |
example: T-APP-CYBR-RESTAPI | |
example: | |
- Key: Safe | |
Value: T-APP-CYBR-RESTAPI | |
- Key: Folder | |
Value: Root | |
- Key: Name | |
Value: Operating System-WindowsDomainAccount-cyberark.local-test.user0001 | |
- Key: UserName | |
Value: test.user0001 | |
- Key: PolicyID | |
Value: WindowsDomainAccount | |
- Key: LogonDomain | |
Value: CYBERARK | |
- Key: LastSuccessVerification | |
Value: "1496683713" | |
- Key: Address | |
Value: cyberark.local | |
- Key: DeviceType | |
Value: Operating System | |
example: | |
- AccountID: "41_4" | |
InternalProperties: | |
- Key: CPMStatus | |
Value: success | |
- Key: CreationMethod | |
Value: PVWA | |
- Key: RetriesCount | |
Value: "-1" | |
- Key: LastTask | |
Value: VerifyTask | |
Properties: | |
- Key: Safe | |
Value: T-APP-CYBR-RESTAPI | |
- Key: Folder | |
Value: Root | |
- Key: Name | |
Value: Operating System-WindowsDomainAccount-cyberark.local-test.user0001 | |
- Key: UserName | |
Value: test.user0001 | |
- Key: PolicyID | |
Value: WindowsDomainAccount | |
- Key: LogonDomain | |
Value: CYBERARK | |
- Key: LastSuccessVerification | |
Value: "1496683713" | |
- Key: Address | |
Value: cyberark.local | |
- Key: DeviceType | |
Value: Operating System | |
examples: | |
200 OK: | |
value: | |
Count: 1 | |
accounts: | |
- AccountID: "41_4" | |
InternalProperties: | |
- Key: CPMStatus | |
Value: success | |
- Key: CreationMethod | |
Value: PVWA | |
- Key: RetriesCount | |
Value: "-1" | |
- Key: LastTask | |
Value: VerifyTask | |
Properties: | |
- Key: Safe | |
Value: T-APP-CYBR-RESTAPI | |
- Key: Folder | |
Value: Root | |
- Key: Name | |
Value: Operating System-WindowsDomainAccount-cyberark.local-test.user0001 | |
- Key: UserName | |
Value: test.user0001 | |
- Key: PolicyID | |
Value: WindowsDomainAccount | |
- Key: LogonDomain | |
Value: CYBERARK | |
- Key: LastSuccessVerification | |
Value: "1496683713" | |
- Key: Address | |
Value: cyberark.local | |
- Key: DeviceType | |
Value: Operating System | |
"/PasswordVault/WebServices/PIMServices.svc/Accounts/{AccountID}": | |
put: | |
tags: | |
- Accounts | |
- v1 API | |
summary: "Update Account Details [v9.5+]" | |
description: "This method updates an existing account's details. In order to execute this web service, all the account’s details must be entered in the web service request. If the existing account's properties are not sent as part of the request, the properties will be removed from the account. Any values sent in the request that were changed will be updated. All other property values will remain the same.\r\nWhen you change the name or folder of a service account that has multiple dependencies (usages), the connection between it and its dependencies will be automatically maintained.\r\nIn addition, when you change the name or a folder of an account that is linked to another account, whether logon, reconciliation or verification, the links will be automatically updated.\r\nNotes:\r\nThis web service has the following limitations:\r\n- Dependencies (usages) cannot be updated.\r\n- Accounts that do not have a policy ID cannot be updated.\r\nPermissions\r\n- To update account properties, Safe members require the following permission:\r\n - Update password properties\r\n- To rename accounts, Safe members require the following permission:\r\n - Rename accounts\r\n- To move accounts to a different folder, Safe members require the following permission:\r\n - Move accounts/folders"
operationId: updateAccountDetailsV95 | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
Accounts: | |
type: object | |
properties: | |
AccountName: | |
type: string | |
example: "{{ObjectName}}" | |
Address: | |
type: string | |
example: "{{Address}}" | |
DeviceType: | |
type: string | |
example: Operating System | |
Folder: | |
type: string | |
example: "{{Folder}}" | |
GroupName: | |
type: string | |
example: "" | |
GroupPlatformID: | |
type: string | |
example: "" | |
PlatformID: | |
type: string | |
example: WinDomain | |
Properties: | |
type: array | |
items: | |
type: object | |
properties: | |
Key: | |
type: string | |
example: Notes | |
Value: | |
type: string | |
example: Test User for CyberArk | |
example: | |
- Key: Notes | |
Value: Test User for CyberArk | |
- Key: Ticket Number | |
Value: CHG100001 | |
- Key: ParamName | |
Value: Parameter value | |
UserName: | |
type: string | |
example: "{{UserName}}" | |
example: | |
Accounts: | |
AccountName: "{{ObjectName}}" | |
Address: "{{Address}}" | |
DeviceType: Operating System | |
Folder: "{{Folder}}" | |
GroupName: "" | |
GroupPlatformID: "" | |
PlatformID: WinDomain | |
Properties: | |
- Key: Notes | |
Value: Test User for CyberArk | |
- Key: Ticket Number | |
Value: CHG100001 | |
- Key: ParamName | |
Value: Parameter value | |
UserName: "{{UserName}}" | |
responses: | |
"200": | |
description: "" | |
delete: | |
tags: | |
- Accounts | |
- v1 API | |
summary: "Delete Account [v9.3+]" | |
description: "This method deletes a specific account in the Vault.\r\nThe user who runs this web service requires the following permission in the Vault:\r\n- Delete accounts" | |
operationId: deleteAccountV93 | |
requestBody: | |
content: | |
application/octet-stream: | |
schema: | |
type: string | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: AccountID | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/WebServices/PIMServices.svc/Accounts/{AccountID}/Activities": | |
get: | |
tags: | |
- Accounts | |
- v1 API | |
summary: "List Activity by ID [v9.7+]" | |
description: This method returns the activities of a specific account that is identified by its account ID. | |
operationId: listActivityByIdV97 | |
parameters: | |
- name: SafeName | |
in: query | |
schema: | |
type: string | |
example: "{{Safe}}" | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: AccountID | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/WebServices/PIMServices.svc/Accounts/{AccountID}/ChangeCredentials": | |
put: | |
tags: | |
- Accounts | |
- Account Actions | |
- v1 API1 | |
summary: "Change Credentials [v9.3+]" | |
description: "This method marks the account for an immediate password change by the CPM to a new random password.\r\nThe user who runs this web service requires the following permission in the Safe where the privileged account is stored:\r\n- Initiate CPM password management operations\r\n\r\nNOTE: 'ImmediateChangeByCPM' is in the Web Services SDK as part of the body, but it should be included in the header as it is here." | |
operationId: changeCredentialsV93 | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
ChangeCredsForGroup: | |
type: string | |
example: "No" | |
example: | |
ChangeCredsForGroup: "No" | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: AccountID | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/WebServices/PIMServices.svc/Accounts/{AccountID}/Credentials": | |
get: | |
tags: | |
- Accounts | |
- Account Actions | |
- v1 API1 | |
summary: Get Password Value | |
description: "This method enables users to retrieve the password of an existing account identified by its Account ID.\n\n* This web service will not return SSH Keys. If the request was sent for an SSH key, the following error will be returned: \"Failed to get the credentials of <AccountID>. Reason: The account is of type SSH Key.\"\n* This web service will not be able to retrieve the password if a reason is required (according to its effective Master Policy), and an error will be returned.\n\n**Note:** The ability to retrieve credentials using this REST API is intended for human use only and is not recommended for applications or automated processes where application-based authentication is required.\n\nFor application or automated processes use cases, refer to the [AAM Credential Providers Online Help](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-CP/Latest/en/Default.htm)." | |
operationId: getPasswordValue1 | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: AccountID | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/WebServices/PIMServices.svc/Accounts/{AccountID}/VerifyCredentials": | |
post: | |
tags: | |
- Accounts | |
- Account Actions | |
- v1 API1 | |
summary: "Verify Credentials [v9.7-v9.9.5]" | |
description: "This method marks an account for verification by the CPM.\r\nThe user who runs this web service requires the following permission in the Safe where the privileged account is stored:\r\n\r\n* Initiate CPM password management operations\r\n\r\n__This endpoint has been deprecated past v9.9.5__" | |
operationId: verifyCredentialsV97V995 | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: {} | |
example: {} | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: AccountID | |
in: path | |
required: true | |
schema: | |
type: string | |
/PasswordVault/WebServices/PIMServices.svc/Applications/: | |
get: | |
tags: | |
- Applications | |
summary: List a Specific Application | |
description: "This method returns information about a specific application.\r\nThe user who runs this web service requires the following permission in the Vault:\r\n- Audit Users" | |
operationId: listASpecificApplication | |
parameters: | |
- name: AppID | |
in: query | |
schema: | |
type: string | |
example: "{{AppID}}" | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "423" | |
Date: | |
schema: | |
type: string | |
example: "Sun, 11 Nov 2018 21:25:46 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/10.0 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
application: | |
type: array | |
items: | |
type: object | |
properties: | |
AccessPermittedFrom: | |
type: number | |
example: 0 | |
AccessPermittedTo: | |
type: number | |
example: 24 | |
AllowExtendedAuthenticationRestrictions: | |
type: boolean | |
example: false | |
AppID: | |
type: string | |
example: Ansible | |
BusinessOwnerEmail: | |
type: string | |
example: joe.garcia@cyberark.com | |
BusinessOwnerFName: | |
type: string | |
example: Joe | |
BusinessOwnerLName: | |
type: string | |
example: Garcia | |
BusinessOwnerPhone: | |
type: string | |
example: 222-UWISHUKNEW | |
Description: | |
type: string | |
example: Identity assigned to all Ansible retrieved credentials for audit. | |
Disabled: | |
type: boolean | |
example: false | |
ExpirationDate: | |
nullable: true | |
example: ~ | |
Location: | |
type: string | |
example: "\\Applications" | |
example: | |
- AccessPermittedFrom: 0 | |
AccessPermittedTo: 24 | |
AllowExtendedAuthenticationRestrictions: false | |
AppID: Ansible | |
BusinessOwnerEmail: joe.garcia@cyberark.com | |
BusinessOwnerFName: Joe | |
BusinessOwnerLName: Garcia | |
BusinessOwnerPhone: 222-UWISHUKNEW | |
Description: Identity assigned to all Ansible retrieved credentials for audit. | |
Disabled: false | |
ExpirationDate: ~ | |
Location: "\\Applications" | |
examples: | |
200 OK: | |
value: | |
application: | |
- AccessPermittedFrom: 0 | |
AccessPermittedTo: 24 | |
AllowExtendedAuthenticationRestrictions: false | |
AppID: Ansible | |
BusinessOwnerEmail: joe.garcia@cyberark.com | |
BusinessOwnerFName: Joe | |
BusinessOwnerLName: Garcia | |
BusinessOwnerPhone: 222-UWISHUKNEW | |
Description: Identity assigned to all Ansible retrieved credentials for audit. | |
Disabled: false | |
ExpirationDate: ~ | |
Location: "\\Applications" | |
post: | |
tags: | |
- Applications | |
summary: Add Application | |
description: "This method adds a new application to the Vault.\r\nThe user who adds this application requires the following permission in the Vault:\r\n- Manage Users" | |
operationId: addApplication | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
application: | |
type: object | |
properties: | |
AccessPermittedFrom: | |
type: number | |
example: 0 | |
AccessPermittedTo: | |
type: number | |
example: 23 | |
AppID: | |
type: string | |
example: "{{AppID}}" | |
BusinessOwnerEmail: | |
type: string | |
example: John.Doe@CyberArk.com | |
BusinessOwnerFName: | |
type: string | |
example: John | |
BusinessOwnerLName: | |
type: string | |
example: Doe | |
BusinessOwnerPhone: | |
type: string | |
example: 555-555-1212 | |
Description: | |
type: string | |
example: Testing DevOps Deployments with CyberArk | |
Disabled: | |
type: string | |
example: "No" | |
ExpirationDate: | |
type: string | |
example: "" | |
Location: | |
type: string | |
example: /Applications | |
example: | |
application: | |
AccessPermittedFrom: 0 | |
AccessPermittedTo: 23 | |
AppID: "{{AppID}}" | |
BusinessOwnerEmail: John.Doe@CyberArk.com | |
BusinessOwnerFName: John | |
BusinessOwnerLName: Doe | |
BusinessOwnerPhone: 555-555-1212 | |
Description: Testing DevOps Deployments with CyberArk | |
Disabled: "No" | |
ExpirationDate: "" | |
Location: /Applications | |
responses: | |
"200": | |
description: "" | |
"400": | |
description: 400 Bad Request | |
headers: | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "1647" | |
Date: | |
schema: | |
type: string | |
example: "Mon, 05 Jun 2017 18:46:42 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/8.5 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; HttpOnly | |
X-Frame-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
content: | |
text/plain: | |
schema: | |
type: string | |
examples: | |
400 Bad Request: | |
value: "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n <head>\r\n <title>Request Error</title>\r\n <style>BODY { color: #000000; background-color: white; font-family: Verdana; margin-left: 0px; margin-top: 0px; } #content { margin-left: 30px; font-size: .70em; padding-bottom: 2em; } A:link { color: #336699; font-weight: bold; text-decoration: underline; } A:visited { color: #6699cc; font-weight: bold; text-decoration: underline; } A:active { color: #336699; font-weight: bold; text-decoration: underline; } .heading1 { background-color: #003366; border-bottom: #336699 6px solid; color: #ffffff; font-family: Tahoma; font-size: 26px; font-weight: normal;margin: 0em 0em 10px -20px; padding-bottom: 8px; padding-left: 30px;padding-top: 16px;} pre { font-size:small; background-color: #e5e5cc; padding: 5px; font-family: Courier New; margin-top: 0px; border: 1px #f0f0e0 solid; white-space: pre-wrap; white-space: -pre-wrap; word-wrap: break-word; } table { border-collapse: collapse; border-spacing: 0px; font-family: Verdana;} table th { border-right: 2px white solid; border-bottom: 2px white solid; font-weight: bold; background-color: #cecf9c;} table td { border-right: 2px white solid; border-bottom: 2px white solid; background-color: #e5e5cc;}</style>\r\n </head>\r\n <body>\r\n <div id=\"content\">\r\n <p class=\"heading1\">Request Error</p>\r\n <p>The server encountered an error processing the request. See server logs for more details.</p>\r\n </div>\r\n </body>\r\n</html>" | |
delete: | |
tags: | |
- Applications | |
summary: Delete a Specific Application | |
description: "This method deletes a specific application.\r\nThe user requires the following permission in the Vault:\r\n- Manage Users" | |
operationId: deleteASpecificApplication | |
parameters: | |
- name: AppID | |
in: query | |
schema: | |
type: string | |
example: "{{AppID}}" | |
requestBody: | |
content: | |
application/octet-stream: | |
schema: | |
type: string | |
responses: | |
"200": | |
description: "" | |
"/PasswordVault/WebServices/PIMServices.svc/Applications/{AppID}/Authentications": | |
get: | |
tags: | |
- Applications | |
summary: List all Authentication Methods of a Specific Application | |
description: "This method returns information about all the authentication methods of a specific application.\r\nThe user who runs this web service requires the following permission in the Vault:\r\n- Audit Users" | |
operationId: listAllAuthenticationMethodsOfASpecificApplication | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "472" | |
Date: | |
schema: | |
type: string | |
example: "Sun, 11 Nov 2018 21:26:06 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/10.0 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
authentication: | |
type: array | |
items: | |
type: object | |
properties: | |
AllowInternalScripts: | |
nullable: true | |
example: ~ | |
AppID: | |
type: string | |
example: Ansible | |
AuthType: | |
type: string | |
example: machineAddress | |
AuthValue: | |
type: string | |
example: ansible.192.168.3.103.xip.io | |
Comment: | |
nullable: true | |
example: ~ | |
IsFolder: | |
nullable: true | |
example: ~ | |
authID: | |
type: number | |
example: 1 | |
example: | |
- AllowInternalScripts: ~ | |
AppID: Ansible | |
AuthType: machineAddress | |
AuthValue: ansible.192.168.3.103.xip.io | |
Comment: ~ | |
IsFolder: ~ | |
authID: 1 | |
- AllowInternalScripts: ~ | |
AppID: Ansible | |
AuthType: machineAddress | |
AuthValue: 192.168.3.103 | |
Comment: ~ | |
IsFolder: ~ | |
authID: 2 | |
- AllowInternalScripts: ~ | |
AppID: Ansible | |
AuthType: machineAddress | |
AuthValue: ansibletower | |
Comment: ~ | |
IsFolder: ~ | |
authID: 3 | |
examples: | |
200 OK: | |
value: | |
authentication: | |
- AllowInternalScripts: ~ | |
AppID: Ansible | |
AuthType: machineAddress | |
AuthValue: ansible.192.168.3.103.xip.io | |
Comment: ~ | |
IsFolder: ~ | |
authID: 1 | |
- AllowInternalScripts: ~ | |
AppID: Ansible | |
AuthType: machineAddress | |
AuthValue: 192.168.3.103 | |
Comment: ~ | |
IsFolder: ~ | |
authID: 2 | |
- AllowInternalScripts: ~ | |
AppID: Ansible | |
AuthType: machineAddress | |
AuthValue: ansibletower | |
Comment: ~ | |
IsFolder: ~ | |
authID: 3 | |
parameters: | |
- name: AppID | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/WebServices/PIMServices.svc/Applications/{AppID}/Authentications/": | |
post: | |
tags: | |
- Applications | |
summary: Add Authentication | |
description: "This method adds a new authentication method to a specific application in the Vault.\r\nThe user who adds this authentication method requires the following permissions in the Vault:\r\n- Manage Users" | |
operationId: addAuthentication | |
requestBody: | |
content: | |
text/plain: | |
schema: | |
type: string | |
example: "{\r\n \"authentication\":\r\n {\r\n \"AuthType\":\"path/osuser/hash/machineAddress\",\r\n \"AuthValue\":\"<Path string>/<OSUser Name>/<Hash Value>/<Machine Address/CIDR>\",\r\n \"IsFolder\":<true/false>,\r\n \"AllowInternalScripts\":<true/false>\r\n }\r\n}" | |
responses: | |
"200": | |
description: "" | |
delete: | |
tags: | |
- Applications | |
summary: Delete a Specific Authentication | |
description: "This method deletes a specific authentication method from a defined application.\r\nThe user requires the following permission in the Vault:\r\n- Manage Users" | |
operationId: deleteASpecificAuthentication | |
parameters: | |
- name: AuthID | |
in: query | |
schema: | |
type: string | |
example: "1" | |
requestBody: | |
content: | |
application/octet-stream: | |
schema: | |
type: string | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: AppID | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/WebServices/PIMServices.svc/Groups/{GroupName}/Users": | |
post: | |
tags: | |
- User Management | |
- Groups | |
- v1 API123456 | |
summary: Add User to Group | |
description: This method adds a specific user to an existing user group in the Vault. | |
operationId: addUserToGroup1 | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
UserName: | |
type: string | |
example: "{{UserName}}" | |
example: | |
UserName: "{{UserName}}" | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: GroupName | |
in: path | |
required: true | |
schema: | |
type: string | |
/PasswordVault/WebServices/PIMServices.svc/Logo: | |
get: | |
tags: | |
- Server | |
summary: Logo | |
description: This method returns the configuration of the logo that will be displayed in the CyberArk SafeShare logon screen and account settings. | |
operationId: logo | |
parameters: | |
- name: type | |
in: query | |
schema: | |
type: string | |
example: square | |
responses: | |
"200": | |
description: "" | |
/PasswordVault/WebServices/PIMServices.svc/PendingAccounts: | |
post: | |
tags: | |
- Accounts | |
- v1 API | |
summary: "Add Pending Account [v9.7+]" | |
description: "This method enables an account that is discovered by an external scanner to be added as a pending account to the Accounts Feed. This facilitates the privileged account workflow, during which users can identify privileged accounts and determine which are onboarded to the Vault.\r\nNote: This method adds password accounts only. It does not add SSH Keys." | |
operationId: addPendingAccountV97 | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
pendingAccount: | |
type: object | |
properties: | |
AccountCategory: | |
type: string | |
example: Privileged | |
AccountCategoryCriteria: | |
type: string | |
example: "<criteria>" | |
AccountDescription: | |
type: string | |
example: CyberArk EPV Test User for Web Services | |
AccountDiscoveryDate: | |
type: string | |
example: "2016-12-19T08:19:03Z" | |
AccountEnabled: | |
type: string | |
example: Disabled | |
AccountExpirationDate: | |
type: string | |
example: "" | |
AccountOSGroups: | |
type: string | |
example: Domain Admins | |
AccountType: | |
type: string | |
example: Domain | |
Address: | |
type: string | |
example: "{{Address}}" | |
DiscoveryPlatformType: | |
type: string | |
example: Windows Domain Accounts | |
Domain: | |
type: string | |
example: joe-garcia.local | |
GID: | |
type: string | |
example: "" | |
LastLogonDate: | |
type: string | |
example: "" | |
LastPasswordSetDate: | |
type: string | |
example: "2016-12-19T08:19:03Z" | |
MachineOSFamily: | |
type: string | |
example: server | |
OSType: | |
type: string | |
example: Windows | |
OSVersion: | |
type: string | |
example: Windows Server 2012 R2 | |
OU: | |
type: string | |
example: Users | |
PasswordNeverExpires: | |
type: string | |
example: "false" | |
UID: | |
type: string | |
example: "" | |
UserDisplayName: | |
type: string | |
example: CA_EPVTestUser | |
UserName: | |
type: string | |
example: "{{UserName}}" | |
example: | |
pendingAccount: | |
AccountCategory: Privileged | |
AccountCategoryCriteria: "<criteria>" | |
AccountDescription: CyberArk EPV Test User for Web Services | |
AccountDiscoveryDate: "2016-12-19T08:19:03Z" | |
AccountEnabled: Disabled | |
AccountExpirationDate: "" | |
AccountOSGroups: Domain Admins | |
AccountType: Domain | |
Address: "{{Address}}" | |
DiscoveryPlatformType: Windows Domain Accounts | |
Domain: joe-garcia.local | |
GID: "" | |
LastLogonDate: "" | |
LastPasswordSetDate: "2016-12-19T08:19:03Z" | |
MachineOSFamily: server | |
OSType: Windows | |
OSVersion: Windows Server 2012 R2 | |
OU: Users | |
PasswordNeverExpires: "false" | |
UID: "" | |
UserDisplayName: CA_EPVTestUser | |
UserName: "{{UserName}}" | |
responses: | |
"200": | |
description: "" | |
"/PasswordVault/WebServices/PIMServices.svc/Policy/{ACLPolicyID}/PrivilegedCommands": | |
get: | |
tags: | |
- OPM Commands | |
- Policy | |
summary: List Policy/ACL | |
description: This method gets a list of the privileged commands (OPM rules) associated with this policy. | |
operationId: listPolicyAcl | |
responses: | |
"200": | |
description: "" | |
put: | |
tags: | |
- OPM Commands | |
- Policy | |
summary: Add Policy/ACL | |
description: This method adds a new privileged command rule to the policy. | |
operationId: addPolicyAcl | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
Command: | |
type: string | |
example: /bin/sh | |
CommandGroup: | |
type: boolean | |
example: false | |
PermissionType: | |
type: string | |
example: Deny | |
Restrictions: | |
type: string | |
example: "" | |
UserName: | |
type: string | |
example: "{{ACLUserName}}" | |
example: | |
Command: /bin/sh | |
CommandGroup: false | |
PermissionType: Deny | |
Restrictions: "" | |
UserName: "{{ACLUserName}}" | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: ACLPolicyID | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/WebServices/PIMServices.svc/Policy/{ACLPolicyID}/PrivilegedCommands/": | |
delete: | |
tags: | |
- OPM Commands | |
- Policy | |
summary: Delete Policy/ACL | |
description: This method deletes all privileged command rules associated with the policy. | |
operationId: deletePolicyAcl | |
parameters: | |
- name: id | |
in: query | |
schema: | |
type: string | |
example: "1" | |
requestBody: | |
content: | |
application/octet-stream: | |
schema: | |
type: string | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: ACLPolicyID | |
in: path | |
required: true | |
schema: | |
type: string | |
/PasswordVault/WebServices/PIMServices.svc/Safes: | |
get: | |
tags: | |
- Safes | |
summary: Search for a Safe | |
description: This method returns information about the Safes in the Vault that meet the criteria specified in the search query. | |
operationId: searchForASafe | |
parameters: | |
- name: query | |
in: query | |
schema: | |
type: string | |
example: "{{Query}}" | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "1250" | |
Date: | |
schema: | |
type: string | |
example: "Sun, 11 Nov 2018 21:19:06 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/10.0 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
SearchSafesResult: | |
type: array | |
items: | |
type: object | |
properties: | |
Description: | |
type: string | |
example: "Dev, CyberArk, REST API, Accounts" | |
ManagingCPM: | |
type: string | |
example: PasswordManagerNG | |
NumberOfDaysRetention: | |
nullable: true | |
example: ~ | |
NumberOfVersionsRetention: | |
type: number | |
example: 5 | |
OLACEnabled: | |
type: boolean | |
example: false | |
SafeName: | |
type: string | |
example: D-CYBR-RESTAPI-ACCTS | |
example: | |
- Description: "Dev, CyberArk, REST API, Accounts" | |
ManagingCPM: PasswordManagerNG | |
NumberOfDaysRetention: ~ | |
NumberOfVersionsRetention: 5 | |
OLACEnabled: false | |
SafeName: D-CYBR-RESTAPI-ACCTS | |
- Description: "" | |
ManagingCPM: PasswordManagerNG | |
NumberOfDaysRetention: ~ | |
NumberOfVersionsRetention: 5 | |
OLACEnabled: false | |
SafeName: D-LIN-ADMIN-USERS | |
- Description: "Dev, Linux, Root, SSH Keys" | |
ManagingCPM: PasswordManagerNG | |
NumberOfDaysRetention: ~ | |
NumberOfVersionsRetention: 5 | |
OLACEnabled: false | |
SafeName: D-LIN-ROOT-SSHKEYS | |
- Description: "Dev, MySQL, Local Users" | |
ManagingCPM: PasswordManagerNG | |
NumberOfDaysRetention: ~ | |
NumberOfVersionsRetention: 5 | |
OLACEnabled: false | |
SafeName: D-MYSQL-LOCAL-USERS | |
- Description: "DEV, Qualys, Accounts" | |
ManagingCPM: "" | |
NumberOfDaysRetention: ~ | |
NumberOfVersionsRetention: 5 | |
OLACEnabled: false | |
SafeName: D-QUALYS-ACCTS | |
- Description: "DEV, Tenable, Accounts" | |
ManagingCPM: "" | |
NumberOfDaysRetention: ~ | |
NumberOfVersionsRetention: 5 | |
OLACEnabled: false | |
SafeName: D-TENABLE-ACCTS | |
- Description: "" | |
ManagingCPM: PasswordManagerNG | |
NumberOfDaysRetention: ~ | |
NumberOfVersionsRetention: 5 | |
OLACEnabled: false | |
SafeName: D-TEST-SAFE | |
examples: | |
200 OK: | |
value: | |
SearchSafesResult: | |
- Description: "Dev, CyberArk, REST API, Accounts" | |
ManagingCPM: PasswordManagerNG | |
NumberOfDaysRetention: ~ | |
NumberOfVersionsRetention: 5 | |
OLACEnabled: false | |
SafeName: D-CYBR-RESTAPI-ACCTS | |
- Description: "" | |
ManagingCPM: PasswordManagerNG | |
NumberOfDaysRetention: ~ | |
NumberOfVersionsRetention: 5 | |
OLACEnabled: false | |
SafeName: D-LIN-ADMIN-USERS | |
- Description: "Dev, Linux, Root, SSH Keys" | |
ManagingCPM: PasswordManagerNG | |
NumberOfDaysRetention: ~ | |
NumberOfVersionsRetention: 5 | |
OLACEnabled: false | |
SafeName: D-LIN-ROOT-SSHKEYS | |
- Description: "Dev, MySQL, Local Users" | |
ManagingCPM: PasswordManagerNG | |
NumberOfDaysRetention: ~ | |
NumberOfVersionsRetention: 5 | |
OLACEnabled: false | |
SafeName: D-MYSQL-LOCAL-USERS | |
- Description: "DEV, Qualys, Accounts" | |
ManagingCPM: "" | |
NumberOfDaysRetention: ~ | |
NumberOfVersionsRetention: 5 | |
OLACEnabled: false | |
SafeName: D-QUALYS-ACCTS | |
- Description: "DEV, Tenable, Accounts" | |
ManagingCPM: "" | |
NumberOfDaysRetention: ~ | |
NumberOfVersionsRetention: 5 | |
OLACEnabled: false | |
SafeName: D-TENABLE-ACCTS | |
- Description: "" | |
ManagingCPM: PasswordManagerNG | |
NumberOfDaysRetention: ~ | |
NumberOfVersionsRetention: 5 | |
OLACEnabled: false | |
SafeName: D-TEST-SAFE | |
post: | |
tags: | |
- Safes | |
summary: Add Safe | |
description: "This method adds a new Safe to the Vault.\n\nThe user who runs this web service requires **Add Safes** permissions in the Vault." | |
operationId: addSafe | |
requestBody: | |
content: | |
text/plain: | |
schema: | |
type: string | |
example: "{\n\t\"safe\": {\n\t\t\"SafeName\":\"<Safe name>\",\n\t\t\"Description\":\"<Description>\",\n\t\t\"OLACEnabled\":<true/false>,\n\t\t\"ManagingCPM\":\"<CPM user>\",\n\t\t\"NumberOfVersionsRetention\":<1-999>,\n\t\t\"NumberOfDaysRetention\":<1-3650>\n\t}\n}" | |
responses: | |
"200": | |
description: "" | |
"/PasswordVault/WebServices/PIMServices.svc/Safes/{Safe}": | |
get: | |
tags: | |
- Safes | |
- v1 API1234 | |
summary: Get Safe Details | |
description: This method returns information about a specific Safe in the Vault. | |
operationId: getSafeDetails1 | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "180" | |
Date: | |
schema: | |
type: string | |
example: "Sun, 11 Nov 2018 21:16:41 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/10.0 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
GetSafeResult: | |
type: object | |
properties: | |
Description: | |
type: string | |
example: "" | |
ManagingCPM: | |
type: string | |
example: PasswordManagerNG | |
NumberOfDaysRetention: | |
nullable: true | |
example: ~ | |
NumberOfVersionsRetention: | |
type: number | |
example: 5 | |
OLACEnabled: | |
type: boolean | |
example: false | |
SafeName: | |
type: string | |
example: P-WIN-LOCAL-ADMIN | |
examples: | |
200 OK: | |
value: | |
GetSafeResult: | |
Description: "" | |
ManagingCPM: PasswordManagerNG | |
NumberOfDaysRetention: ~ | |
NumberOfVersionsRetention: 5 | |
OLACEnabled: false | |
SafeName: P-WIN-LOCAL-ADMIN | |
put: | |
tags: | |
- Safes | |
summary: Update Safe | |
description: "This method updates a single Safe in the Vault. The user who runs this web service requires the following permissions:\n\nIn the Vault:\n* Manage Safes\n\nIn the Safe:\n* View Safe Members" | |
operationId: updateSafe | |
requestBody: | |
content: | |
text/plain: | |
schema: | |
type: string | |
example: "{\n\t\"safe\": {\n\t\t\"SafeName\":\"<The name of the Safe>\",\n\t\t\"Description\":\"<Description of the Safe>\",\n\t\t\"OLACEnabled\":<true/false>,\n\t\t\"ManagingCPM\":\"<Name of CPM user managing the Safe>\",\n\t\t\"NumberOfVersionsRetention\":<1-999>,\n\t\t\"NumberOfDaysRetention\":<1-3650>\n\t}\n}" | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "224" | |
Date: | |
schema: | |
type: string | |
example: "Sun, 11 Nov 2018 21:18:14 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/10.0 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
UpdateSafeResult: | |
type: object | |
properties: | |
Description: | |
type: string | |
example: "Production, Windows, Local Administrators" | |
ManagingCPM: | |
type: string | |
example: PasswordManagerNG | |
NumberOfDaysRetention: | |
nullable: true | |
example: ~ | |
NumberOfVersionsRetention: | |
type: number | |
example: 5 | |
OLACEnabled: | |
type: boolean | |
example: false | |
SafeName: | |
type: string | |
example: P-WIN-LOCAL-ADMIN | |
examples: | |
200 OK: | |
value: | |
UpdateSafeResult: | |
Description: "Production, Windows, Local Administrators" | |
ManagingCPM: PasswordManagerNG | |
NumberOfDaysRetention: ~ | |
NumberOfVersionsRetention: 5 | |
OLACEnabled: false | |
SafeName: P-WIN-LOCAL-ADMIN | |
delete: | |
tags: | |
- Safes | |
summary: Delete Safe | |
description: "This method deletes a Safe from the Vault.\n\nThe user who runs this web service requires **Manage Safe** permissions in the Vault." | |
operationId: deleteSafe | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: Safe | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/WebServices/PIMServices.svc/Safes/{Safe}/Members": | |
get: | |
tags: | |
- Safes | |
- Safe Members | |
summary: List Safe Members | |
description: This method returns a list of the members of the Safe. The user performing this task must have **ViewSafeMembers** permissions in the Safe. | |
operationId: listSafeMembers | |
responses: | |
"200": | |
description: "" | |
post: | |
tags: | |
- Safes | |
- Safe Members | |
summary: Add Safe Member | |
description: "This method adds an existing user as a Safe member.\n\nThe user who runs this web service requires **Manage Safe Members** permissions in the Vault." | |
operationId: addSafeMember | |
requestBody: | |
content: | |
text/plain: | |
schema: | |
type: string | |
example: "{\n\t\"member\": {\n\t\t\"MemberName\":\"<The name of the user to add as a Safe member>\",\n\t\t\"SearchIn\":\"<Search for the member in the Vault or Domain>\",\n\t\t\"MembershipExpirationDate\":\"<MM\\DD\\YY or empty if there is no expiration date>\",\n\t\t\"Permissions\":<User’s permissions in the Safe>\n\t\t[\n\t\t\t{\"Key\":\"UseAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"RetrieveAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ListAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"AddAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"UpdateAccountContent\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"UpdateAccountProperties\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"InitiateCPMAccountManagementOperations\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"SpecifyNextAccountContent\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"RenameAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"DeleteAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"UnlockAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ManageSafe\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ManageSafeMembers\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"BackupSafe\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ViewAuditLog\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ViewSafeMembers\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"RequestsAuthorizationLevel\", \"Value\":<0/1/2>},\n\t\t\t{\"Key\":\"AccessWithoutConfirmation\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"CreateFolders\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"DeleteFolders\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"MoveAccountsAndFolders\", \"Value\":<true/false>}\n\t\t]\n\t}\n}" | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: Safe | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/WebServices/PIMServices.svc/Safes/{Safe}/Members/{SafeMember}": | |
put: | |
tags: | |
- Safes | |
- Safe Members | |
summary: Update Safe Member | |
description: "This method updates an existing Safe member.\n\nThe user who runs this web service requires **Manage Safe Members** permissions in the Vault." | |
operationId: updateSafeMember | |
requestBody: | |
content: | |
text/plain: | |
schema: | |
type: string | |
example: "{\n\t\"member\": {\n\t\t\"MembershipExpirationDate\":\"<MM\\DD\\YY or empty for no expiration>\",\n\t\t\"Permissions\":<User’s permissions in the Safe>\n\t\t[\n\t\t\t{\"Key\":\"UseAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"RetrieveAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ListAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"AddAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"UpdateAccountContent\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"UpdateAccountProperties\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"InitiateCPMAccountManagementOperations\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"SpecifyNextAccountContent\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"RenameAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"DeleteAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"UnlockAccounts\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ManageSafe\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ManageSafeMembers\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"BackupSafe\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ViewAuditLog\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"ViewSafeMembers\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"RequestsAuthorizationLevel\", \"Value\":<0/1/2>},\n\t\t\t{\"Key\":\"AccessWithoutConfirmation\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"CreateFolders\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"DeleteFolders\", \"Value\":<true/false>},\n\t\t\t{\"Key\":\"MoveAccountsAndFolders\", \"Value\":<true/false>}\n\t\t]\n\t}\n}" | |
responses: | |
"200": | |
description: "" | |
delete: | |
tags: | |
- Safes | |
- Safe Members | |
summary: Delete Safe Member | |
description: "This method removes a specific member from a Safe.\n\nThe user who runs this web service requires **Manage Safe Members** permissions in the Vault." | |
operationId: deleteSafeMember | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: Safe | |
in: path | |
required: true | |
schema: | |
type: string | |
- name: SafeMember | |
in: path | |
required: true | |
schema: | |
type: string | |
/PasswordVault/WebServices/PIMServices.svc/Server: | |
get: | |
tags: | |
- Server | |
summary: Server | |
description: This method returns the display name of the Vault configured in the **ServerDisplayName** configuration parameter. | |
operationId: server | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "79" | |
Date: | |
schema: | |
type: string | |
example: "Sun, 11 Nov 2018 21:21:22 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/10.0 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
ExternalVersion: | |
type: string | |
example: 10.5.0 | |
InternalVersion: | |
type: string | |
example: 10.5.0.48 | |
ServerName: | |
type: string | |
example: Vault | |
examples: | |
200 OK: | |
value: | |
ExternalVersion: 10.5.0 | |
InternalVersion: 10.5.0.48 | |
ServerName: Vault | |
/PasswordVault/WebServices/PIMServices.svc/User: | |
get: | |
tags: | |
- User Management | |
- Users | |
- v2 API12345 | |
summary: Logged On User Details | |
description: This method returns user information of the user who is logged on. | |
operationId: loggedOnUserDetails | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "223" | |
Date: | |
schema: | |
type: string | |
example: "Sun, 11 Nov 2018 21:23:17 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/10.0 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
AgentUser: | |
type: boolean | |
example: false | |
Disabled: | |
type: boolean | |
example: false | |
Email: | |
type: string | |
example: "" | |
Expired: | |
type: boolean | |
example: false | |
ExpiryDate: | |
nullable: true | |
example: ~ | |
FirstName: | |
type: string | |
example: "" | |
LastName: | |
type: string | |
example: "" | |
Location: | |
type: string | |
example: "\\" | |
Source: | |
type: string | |
example: Internal | |
Suspended: | |
type: boolean | |
example: false | |
UserName: | |
type: string | |
example: Administrator | |
UserTypeName: | |
type: string | |
example: Built-InAdmins | |
examples: | |
200 OK: | |
value: | |
AgentUser: false | |
Disabled: false | |
Email: "" | |
Expired: false | |
ExpiryDate: ~ | |
FirstName: "" | |
LastName: "" | |
Location: "\\" | |
Source: Internal | |
Suspended: false | |
UserName: Administrator | |
UserTypeName: Built-InAdmins | |
/PasswordVault/WebServices/PIMServices.svc/Users: | |
post: | |
tags: | |
- User Management | |
- Users | |
- v1 API12345 | |
summary: Add User | |
description: Add User | |
operationId: addUser1 | |
requestBody: | |
content: | |
text/plain: | |
schema: | |
type: string | |
example: "{\n\t\"UserName\":\"<string>\",\n\t\"InitialPassword\":\"<string>\",\n\t\"Email\":\"<string>\",\n\t\"FirstName\":\"<string>\",\n\t\"LastName\":\"<string>\",\n\t\"ChangePasswordOnTheNextLogon\":<bool>,\n\t\"ExpiryDate\":\"<string>\",\n\t\"UserTypeName\":\"<string>\",\n\t\"Disabled\":<bool>,\n\t\"Location\":\"<string>\"\n}" | |
responses: | |
"200": | |
description: "" | |
"/PasswordVault/WebServices/PIMServices.svc/Users/{UserID}": | |
get: | |
tags: | |
- User Management | |
- Users | |
- v2 API12345 | |
summary: Get User Details | |
description: "This method returns information about a specific user in the Vault.\n\nTo run this Web service, you must have the following permissions:\n\n* Audit users" | |
operationId: getUserDetails | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "218" | |
Date: | |
schema: | |
type: string | |
example: "Sun, 11 Nov 2018 21:23:43 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/10.0 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
AgentUser: | |
type: boolean | |
example: false | |
Disabled: | |
type: boolean | |
example: false | |
Email: | |
type: string | |
example: "" | |
Expired: | |
type: boolean | |
example: false | |
ExpiryDate: | |
nullable: true | |
example: ~ | |
FirstName: | |
type: string | |
example: "" | |
LastName: | |
type: string | |
example: "" | |
Location: | |
type: string | |
example: "\\" | |
Source: | |
type: string | |
example: Internal | |
Suspended: | |
type: boolean | |
example: false | |
UserName: | |
type: string | |
example: Svc_AnsibleREST | |
UserTypeName: | |
type: string | |
example: EPVUser | |
examples: | |
200 OK: | |
value: | |
AgentUser: false | |
Disabled: false | |
Email: "" | |
Expired: false | |
ExpiryDate: ~ | |
FirstName: "" | |
LastName: "" | |
Location: "\\" | |
Source: Internal | |
Suspended: false | |
UserName: Svc_AnsibleREST | |
UserTypeName: EPVUser | |
put: | |
tags: | |
- User Management | |
- Users | |
- v2 API12345 | |
summary: Update User | |
description: This method updates an existing Vault user. | |
operationId: updateUser | |
requestBody: | |
content: | |
text/plain: | |
schema: | |
type: string | |
example: "{\n\t\"NewPassword\":\"<string>\",\n\t\"Email\":\"<string>\",\n\t\"FirstName\":\"<string>\",\n\t\"LastName\":\"<string>\",\n\t\"ChangePasswordOnTheNextLogon\":<bool>,\n\t\"ExpiryDate\":\"<string>\",\n\t\"UserTypeName\":\"<string>\",\n\t\"Disabled\":<bool>,\n\t\"Location\":\"<string>\"\n}" | |
responses: | |
"200": | |
description: "" | |
delete: | |
tags: | |
- User Management | |
- Users | |
- v2 API12345 | |
summary: Delete User | |
description: This method deletes a specific user in the Vault. | |
operationId: deleteUser | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: UserID | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/WebServices/PIMServices.svc/Users/{UserName}/AuthenticationMethods/SSHKeyAuthentication/AuthorizedKeys": | |
get: | |
tags: | |
- User Management | |
- Public SSH Authentication | |
summary: Get Public SSH Key | |
description: "This method retrieves all public SSH keys that are authorized for a specific user.\n\nThe user who runs this web service requires the following permission in the Vault:\n\n* Reset Users' Passwords\n\nIn addition, the user who runs this web service must be in the same Vault location as or higher than the user whose public SSH keys are retrieved.\n\n**Note:** A user cannot manage their own public SSH keys." | |
operationId: getPublicSshKey | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "833" | |
Date: | |
schema: | |
type: string | |
example: "Wed, 21 Nov 2018 03:03:15 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/10.0 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
GetUserAuthorizedKeysResult: | |
type: array | |
items: | |
type: object | |
properties: | |
KeyID: | |
type: string | |
example: 9EE257E234F73FE335DF8049E72DC0F3 | |
PublicSSHKey: | |
type: string | |
example: ssh-rsa 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 | |
example: | |
- KeyID: 9EE257E234F73FE335DF8049E72DC0F3 | |
PublicSSHKey: ssh-rsa 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 | |
examples: | |
200 OK: | |
value: | |
GetUserAuthorizedKeysResult: | |
- KeyID: 9EE257E234F73FE335DF8049E72DC0F3 | |
PublicSSHKey: ssh-rsa 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 | |
post: | |
tags: | |
- User Management | |
- Public SSH Authentication | |
summary: Add a Public SSH Key | |
description: "This method adds an authorized public SSH key for a specific user in the Vault, allowing them to authenticate to the Vault through PSM for SSH using a corresponding private SSH key.\n\nThe user who runs this web service requires **Reset Users' Passwords** permissions in the Vault.\n\nIn addition, the user who runs this web service must be in the same Vault location as or higher than the user whose public SSH keys are added.\n\n**Note:** A user cannot manage their own public SSH keys." | |
operationId: addAPublicSshKey | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
PublicSSHKey: | |
type: string | |
example: ssh-rsa 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 | |
example: | |
PublicSSHKey: ssh-rsa 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 | |
responses: | |
"201": | |
description: 201 The public SSH key was added successfully | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "830" | |
Date: | |
schema: | |
type: string | |
example: "Wed, 21 Nov 2018 03:01:57 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/10.0 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
AddUserAuthorizedKeyResult: | |
type: object | |
properties: | |
KeyID: | |
type: string | |
example: 9EE257E234F73FE335DF8049E72DC0F3 | |
PublicSSHKey: | |
type: string | |
example: ssh-rsa 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 | |
examples: | |
201 The public SSH key was added successfully: | |
value: | |
AddUserAuthorizedKeyResult: | |
KeyID: 9EE257E234F73FE335DF8049E72DC0F3 | |
PublicSSHKey: ssh-rsa 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 | |
parameters: | |
- name: UserName | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/WebServices/PIMServices.svc/Users/{UserName}/AuthenticationMethods/SSHKeyAuthentication/AuthorizedKeys/{KeyID}": | |
delete: | |
tags: | |
- User Management | |
- Public SSH Authentication | |
summary: Delete Public SSH Key | |
description: "This method deletes an authorized public SSH key for a specific user in the Vault, preventing them from authenticating to the Vault via PSM for SSH using a corresponding private SSH key.\n\nThe user who runs this web service requires **Reset Users' Passwords** permission in the Vault.\n\nIn addition, the user who runs this web service must be in the same Vault location as or higher than the user whose public SSH keys are deleted.\n\n**Note:** A user cannot manage their own public SSH keys." | |
operationId: deletePublicSshKey | |
responses: | |
"200": | |
description: 200 The public SSH key was deleted successfully | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "0" | |
Date: | |
schema: | |
type: string | |
example: "Wed, 21 Nov 2018 03:05:36 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/10.0 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: {} | |
parameters: | |
- name: UserName | |
in: path | |
required: true | |
schema: | |
type: string | |
- name: KeyID | |
in: path | |
required: true | |
schema: | |
type: string | |
/PasswordVault/WebServices/PIMServices.svc/Verify: | |
get: | |
tags: | |
- Server | |
summary: Verify | |
description: This method returns the display name of the Vault configured in the **ServerDisplayName** configuration parameter. | |
operationId: verify | |
requestBody: | |
content: | |
application/form-urlencoded: | |
schema: | |
type: object | |
properties: {} | |
example: {} | |
responses: | |
"200": | |
description: "" | |
/PasswordVault/WebServices/auth/Cyberark/CyberArkAuthenticationService.svc/Logoff: | |
post: | |
tags: | |
- Authentication | |
- v1 API123 | |
summary: Logoff | |
description: This method logs off the user and removes the Vault session. | |
operationId: logoff2 | |
responses: | |
"200": | |
description: "" | |
/PasswordVault/WebServices/auth/Cyberark/CyberArkAuthenticationService.svc/Logon: | |
post: | |
tags: | |
- Authentication | |
- v1 API123 | |
summary: Logon | |
description: "This method authenticates a user to the Vault and returns a token that can be used in subsequent web services calls. In addition, this method allows you to set a new password.\n\nUsers can authenticate using CyberArk, LDAP or RADIUS authentication." | |
operationId: logon1 | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
connectionNumber: | |
type: string | |
example: "1" | |
password: | |
type: string | |
example: "{{apiPassword}}" | |
username: | |
type: string | |
example: "{{apiUsername}}" | |
example: | |
connectionNumber: "1" | |
password: "{{apiPassword}}" | |
username: "{{apiUsername}}" | |
responses: | |
"200": | |
description: "" | |
/PasswordVault/WebServices/auth/Shared/RestfulAuthenticationService.svc/Logoff: | |
post: | |
tags: | |
- Authentication | |
- Shared Logon Authentication | |
summary: Logoff | |
description: This method logs off the shared user and removes the Vault session. | |
operationId: logoff3 | |
responses: | |
"200": | |
description: "" | |
/PasswordVault/WebServices/auth/Shared/RestfulAuthenticationService.svc/Logon: | |
post: | |
tags: | |
- Authentication | |
- Shared Logon Authentication | |
summary: Logon | |
description: "Shared authentication is based on a user credential file that is stored on the PVWA web server. During shared authentication, only the user defined in the credential file can log on to the PVWA, but multiple users can use the logon token.\n\nThis type of authentication **requires** the application using the REST services to manage the users, as the Vault can't identify which specific user performs each action.\n\nMultiple concurrent connections can be created using the same token, without affecting each other.\n\nThe shared user is defined in a user credential file, whose location is specified in the WSCredentialFile parameter, in the appsettings section of the PVWA web.config file:\n\n```\n<add key=\"WSCredentialFile\" value=\"C:\\CyberArk\\Password Vault Web Access\\CredFiles\\WSUser.ini\"/>\n```\n\n* Make sure that this user can access the PVWA interface.\n* Make sure the user only has the permissions in the Vault that they require.\n\nFor information about securing communication when using the SDK, refer to the following:\n\n* [Securing application-to-REST communication](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Securing%20Communication.htm)\n* [Configuring client authentication via certificates](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Configuring%20Client%20Authentication%20via%20Client%20Certificates.htm)\n\nThis method authenticates to the Vault with a shared webservices user and returns a token that will be used in subsequent web services calls.\n\nThis is supported for CyberArk authentication only, and not for third-party authentication." | |
operationId: logon2 | |
requestBody: | |
content: | |
text/plain: | |
schema: | |
type: string | |
example: "" | |
responses: | |
"200": | |
description: "" | |
/PasswordVault/api/Accounts: | |
get: | |
tags: | |
- Accounts | |
- v2 API | |
summary: Get Accounts | |
description: "This method returns a list of all the accounts in the Vault.\n\nThe user who runs this web service requires **List Accounts** permissions in the Safe." | |
operationId: getAccounts | |
parameters: | |
- name: search | |
in: query | |
schema: | |
type: string | |
example: DemoUser | |
description: "List of keywords to search for in accounts, separated by a space." | |
- name: searchType | |
in: query | |
schema: | |
type: string | |
example: contains | |
description: "Get accounts that either contain or start with the value specified in the Search parameter. Valid values: contains (default) or startswith." | |
- name: sort | |
in: query | |
schema: | |
type: string | |
example: UserName | |
description: "Property or properties by which to sort returned accounts, followed by asc (default) or desc to control sort direction. Separate multiple properties with commas, up to a maximum of three properties." | |
- name: offset | |
in: query | |
schema: | |
type: string | |
example: "25" | |
description: Offset of the first account that is returned in the collection of results. | |
- name: limit | |
in: query | |
schema: | |
type: string | |
example: "1000" | |
description: "Maximum number of returned accounts. If not specified, the default value is 50. The maximum number that can be specified is 1000." | |
- name: filter | |
in: query | |
schema: | |
type: string | |
example: "safeName eq {{Safe}}" | |
description: "Get accounts from a specific safe, using the safe name." | |
responses: | |
"200": | |
description: "" | |
post: | |
tags: | |
- Accounts | |
- v2 API | |
summary: Add Account | |
description: "This method adds a new privileged account or SSH key to the Vault.\n\nTo run this web service, a user requires the following permission in the Vault:\n\n* Add account\n\nAND either\n\n* Update password\n\nOR\n\n* Update password properties\n\n**Note:** You require an additional license to add SSH keys to the Vault. For more information, contact your CyberArk representative." | |
operationId: addAccount | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
address: | |
type: string | |
example: string | |
name: | |
type: string | |
example: string | |
platformAccountProperties: | |
type: object | |
properties: | |
LogonDomain: | |
type: string | |
example: string | |
Port: | |
type: string | |
example: integer | |
platformId: | |
type: string | |
example: string | |
remoteMachinesAccess: | |
type: object | |
properties: | |
accessRestrictedToRemoteMachines: | |
type: boolean | |
example: true | |
remoteMachines: | |
type: string | |
example: string | |
safeName: | |
type: string | |
example: string | |
secret: | |
type: string | |
example: string | |
secretManagement: | |
type: object | |
properties: | |
automaticManagementEnabled: | |
type: boolean | |
example: true | |
manualManagementReason: | |
type: string | |
example: string | |
secretType: | |
type: string | |
example: password | |
userName: | |
type: string | |
example: string | |
example: | |
address: string | |
name: string | |
platformAccountProperties: | |
LogonDomain: string | |
Port: integer | |
platformId: string | |
remoteMachinesAccess: | |
accessRestrictedToRemoteMachines: true | |
remoteMachines: string | |
safeName: string | |
secret: string | |
secretManagement: | |
automaticManagementEnabled: true | |
manualManagementReason: string | |
secretType: password | |
userName: string | |
responses: | |
"201": | |
description: Add Dual Account - 201 Created | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "481" | |
Date: | |
schema: | |
type: string | |
example: "Fri, 07 Feb 2020 19:04:06 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Location: | |
schema: | |
type: string | |
example: "https://cyberark.joegarcia.dev/PasswordVault/api/Accounts/29_7" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
api-supported-versions: | |
schema: | |
type: string | |
example: "11.0" | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
address: | |
type: string | |
example: db2.joegarcia.dev | |
createdTime: | |
type: number | |
example: 1581084295 | |
id: | |
type: string | |
example: "29_7" | |
name: | |
type: string | |
example: Database-MySQL-db2.joegarcia.dev-cluster02sqluser01 | |
platformAccountProperties: | |
type: object | |
properties: | |
DualAccountStatus: | |
type: string | |
example: Active | |
Index: | |
type: string | |
example: "1" | |
VirtualUsername: | |
type: string | |
example: cluster02sqluser | |
platformId: | |
type: string | |
example: MySQLServer-DualAccounts | |
safeName: | |
type: string | |
example: D-MySQL-Users | |
secretManagement: | |
type: object | |
properties: | |
automaticManagementEnabled: | |
type: boolean | |
example: false | |
lastModifiedTime: | |
type: number | |
example: 1581084295 | |
manualManagementReason: | |
type: string | |
example: testing | |
secretType: | |
type: string | |
example: password | |
userName: | |
type: string | |
example: cluster02sqluser01 | |
examples: | |
Add Dual Account - 201 Created: | |
value: | |
address: db2.joegarcia.dev | |
createdTime: 1581084295 | |
id: "29_7" | |
name: Database-MySQL-db2.joegarcia.dev-cluster02sqluser01 | |
platformAccountProperties: | |
DualAccountStatus: Active | |
Index: "1" | |
VirtualUsername: cluster02sqluser | |
platformId: MySQLServer-DualAccounts | |
safeName: D-MySQL-Users | |
secretManagement: | |
automaticManagementEnabled: false | |
lastModifiedTime: 1581084295 | |
manualManagementReason: testing | |
secretType: password | |
userName: cluster02sqluser01 | |
/PasswordVault/api/Accounts/AdHocConnect: | |
post: | |
tags: | |
- Accounts | |
- Account Actions | |
- v2 API1 | |
summary: Ad-Hoc Connect through PSM | |
description: "This method allows you to connect through PSM without using an existing account, by returning settings that can be used with an RDP client application or for the HTML5 gateway.\n\nYou must enable Privileged Session Monitoring and ad-hoc connection via PVWA configuration. For more details, see [Ad Hoc Connections](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Configuring-Secure-Connect.htm)." | |
operationId: adHocConnectThroughPsm | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
Address: | |
type: string | |
example: "<Address>" | |
PSMConnectPrerequisites: | |
type: object | |
properties: | |
ConnectionComponent: | |
type: string | |
example: "<Connection Component ID>" | |
ConnectionType: | |
type: string | |
example: "<RDPFile or PSMGW>" | |
PlatformId: | |
type: string | |
example: "<Secure Connect Platform>" | |
Secret: | |
type: string | |
example: "<password>" | |
UserName: | |
type: string | |
example: "<User Name>" | |
extraFields: | |
type: object | |
properties: {} | |
example: | |
Address: "<Address>" | |
PSMConnectPrerequisites: | |
ConnectionComponent: "<Connection Component ID>" | |
ConnectionType: "<RDPFile or PSMGW>" | |
PlatformId: "<Secure Connect Platform>" | |
Secret: "<password>" | |
UserName: "<User Name>" | |
extraFields: {} | |
responses: | |
"200": | |
description: "" | |
"/PasswordVault/api/Accounts/{AccountID}": | |
get: | |
tags: | |
- Accounts | |
- v2 API | |
summary: Get Account Details | |
description: "This method returns information about an account identified by its ID.\n\nThe user who runs this web service requires **List Accounts** permissions in the Safe where the account is located inside the Vault." | |
operationId: getAccountDetails | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "317" | |
Date: | |
schema: | |
type: string | |
example: "Sun, 11 Nov 2018 21:27:37 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/10.0 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
address: | |
type: string | |
example: 192.168.3.101 | |
createdTime: | |
type: number | |
example: 1541876282 | |
id: | |
type: string | |
example: "24_3" | |
name: | |
type: string | |
example: ANSIBLE-RESTAPI-USER | |
platformId: | |
type: string | |
example: JG-CyberArkVault | |
safeName: | |
type: string | |
example: D-CYBR-RESTAPI-ACCTS | |
secretManagement: | |
type: object | |
properties: | |
automaticManagementEnabled: | |
type: boolean | |
example: true | |
lastModifiedTime: | |
type: number | |
example: 1541876282 | |
status: | |
type: string | |
example: success | |
secretType: | |
type: string | |
example: password | |
userName: | |
type: string | |
example: Svc_AnsibleREST | |
examples: | |
200 OK: | |
value: | |
address: 192.168.3.101 | |
createdTime: 1541876282 | |
id: "24_3" | |
name: ANSIBLE-RESTAPI-USER | |
platformId: JG-CyberArkVault | |
safeName: D-CYBR-RESTAPI-ACCTS | |
secretManagement: | |
automaticManagementEnabled: true | |
lastModifiedTime: 1541876282 | |
status: success | |
secretType: password | |
userName: Svc_AnsibleREST | |
delete: | |
tags: | |
- Accounts | |
- v2 API | |
summary: Delete Account | |
description: "This method deletes a specific account in the Vault.\n\nThe user who runs this web service requires **Delete Accounts** permissions in the Vault." | |
operationId: deleteAccount | |
responses: | |
"200": | |
description: "" | |
patch: | |
tags: | |
- Accounts | |
- v2 API | |
summary: Update Account | |
description: "This method updates an existing account's details. It is not mandatory to send all the account’s details. Any changed values sent in the request will be updated. All other property values will remain the same.\n\nOn each property, the following operations can be performed:\n\n* Replace - replace the existing value of a property\n* Remove - remove the property from the account\n* Add - add the property to the account\n\nIt is possible to set several properties in the same command using the following structure:\n\n```json\n[\n\t{\n\t \"op\": \"replace\",\n\t \"path\": \"/platformaccountproperties\",\n\t \"value\": \"{\n\t \\\"{PropertyID1}\\\":\\\"{Value}\\\",\n\t \\\"{PropertyID2}\\\":\\\"{Value}\\\",\n\t \\\"{PropertyID3}\\\":\\\"{Value}\\\"\n\t }\"\n\t}\n]\n```\n\nWhen sending several operations on the same property, only the last operation will affect the property." | |
operationId: updateAccount | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: array | |
items: | |
type: object | |
properties: | |
op: | |
type: string | |
example: replace | |
path: | |
type: string | |
example: /address | |
value: | |
type: string | |
example: NewAddress | |
example: | |
- op: replace | |
path: /address | |
value: NewAddress | |
- op: add | |
path: /port | |
value: "3306" | |
- op: remove | |
path: /ticketnumber | |
value: "" | |
example: | |
- op: replace | |
path: /address | |
value: NewAddress | |
- op: add | |
path: /port | |
value: "3306" | |
- op: remove | |
path: /ticketnumber | |
value: "" | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "271" | |
Date: | |
schema: | |
type: string | |
example: "Tue, 15 Jan 2019 17:39:16 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/10.0 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
address: | |
type: string | |
example: NewAddress | |
createdTime: | |
type: number | |
example: 1547468682 | |
id: | |
type: string | |
example: "29_3" | |
name: | |
type: string | |
example: TEST-RESTAPI-uadmin | |
platformId: | |
type: string | |
example: WinDomain | |
safeName: | |
type: string | |
example: TEST-RESTAPI | |
secretManagement: | |
type: object | |
properties: | |
automaticManagementEnabled: | |
type: boolean | |
example: true | |
lastModifiedTime: | |
type: number | |
example: 1547468682 | |
secretType: | |
type: string | |
example: password | |
userName: | |
type: string | |
example: u_admin | |
examples: | |
200 OK: | |
value: | |
address: NewAddress | |
createdTime: 1547468682 | |
id: "29_3" | |
name: TEST-RESTAPI-uadmin | |
platformId: WinDomain | |
safeName: TEST-RESTAPI | |
secretManagement: | |
automaticManagementEnabled: true | |
lastModifiedTime: 1547468682 | |
secretType: password | |
userName: u_admin | |
parameters: | |
- name: AccountID | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/api/Accounts/{AccountID}/Password/Retrieve": | |
post: | |
tags: | |
- Accounts | |
- Account Actions | |
- v2 API1 | |
summary: Get Password Value | |
description: "This method enables users to retrieve the password or SSH key of an existing account that is identified by its Account ID. It enables users to specify a reason and ticket ID, if required.\n\n**Note:** The ability to retrieve credentials using this REST API is intended for human use only and is not recommended for applications or automated processes, where application-based authentication is required.\n\nFor application or automated processes use cases, refer to the [AAM Credential Providers Online Help](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-CP/Latest/en/Default.htm)." | |
operationId: getPasswordValue | |
requestBody: | |
content: | |
text/plain: | |
schema: | |
type: string | |
example: "{\n\t\"reason\":\"<Reason>\",\n\t\"TicketingSystemName\": \"<Ticketing system>\",\n\t\"TicketId\": \"<Ticketid>\",\n\t\"Version\": <version number>,\n\t\"ActionType\": \"<action type - show\\copy\\connect>\",\n\t\"isUse\": <true\\false>,\n\t\"Machine\": \"<my remote machine address>\"\n}" | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: AccountID | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/api/Accounts/{AccountID}/Password/Update": | |
post: | |
tags: | |
- Accounts | |
- Account Actions | |
- v2 API1 | |
summary: Change Password in the Vault Only | |
description: "This method enables users to set account credentials and change them in the Vault. This will not affect credentials on the target device.\n\nThe user who runs this web service requires **Update password value** permission in the Safe where the privileged account is stored." | |
operationId: changePasswordInTheVaultOnly | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
ChangeEntireGroup: | |
type: boolean | |
example: false | |
NewCredentials: | |
type: string | |
example: "<string>" | |
example: | |
ChangeEntireGroup: false | |
NewCredentials: "<string>" | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: AccountID | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/api/Accounts/{AccountID}/grantAdministrativeAccess": | |
post: | |
tags: | |
- Accounts | |
- Account Actions | |
- v2 API1 | |
summary: Get Just in Time Access | |
description: "This method requests and receives access to a target Windows machine with administrative rights. The domain user who runs this web service will be added to the local Administrators group of the target machine.\n\n## Supported target machine environments\n\nJust in Time access is supported on the following end user machine environments:\n\n* Windows Server 2012/2012R2/2016\n* Windows 8, Windows 10\n\n## Configuration\n\nConfigure Just in Time access as described in [Configure Just in Time Access](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/11.3/en/Content/PASIMP/adhoc_access_admin.htm).\n\n## User permissions\n\nMake sure that all users who want to request access to the target Windows machine have the following permission in the Safe:\n\n* List accounts" | |
operationId: getJustInTimeAccess | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: AccountID | |
in: path | |
required: true | |
schema: | |
type: string | |
/PasswordVault/api/AutomaticOnboardingRules: | |
put: | |
tags: | |
- Onboarding Rules | |
summary: Update Onboarding Rule | |
description: Update Onboarding Rule | |
operationId: updateOnboardingRule | |
parameters: | |
- name: id | |
in: query | |
schema: | |
type: string | |
example: "1" | |
requestBody: | |
content: | |
text/plain: | |
schema: | |
type: string | |
example: "{\n\t\"TargetPlatformId\": \"<platform ID>\",\n\t\"TargetSafeName\": \"<Safe name>\",\n\t\"IsAdminIDFilter\": <False>,\n\t\"MachineTypeFilter\": \"<Server>\",\n\t\"SystemTypeFilter\": \"<Windows>\",\n\t\"UserNameFilter\": \"<filter>\",\n\t\"UserNameMethod\": \"<Begins>\",\n\t\"AddressFilter\": \"<filter>\",\n\t\"AddressMethod\": \"<Equals>\",\n\t\"AccountCategoryFilter\": \"<Any>\",\n\t\"RuleName\": \"<rule name>\",\n\t\"RuleDescription\": \"<description>\"\n}" | |
responses: | |
"200": | |
description: "" | |
post: | |
tags: | |
- Onboarding Rules | |
summary: Add Onboarding Rule | |
description: "This method adds a new onboarding rule to the Vault that filters discovered local privileged pending accounts. When a discovered pending account matches a rule, it will automatically be onboarded to the Safe that is defined in the rule and the password will be reconciled.\r\nNote: The Safe and the reconcile account must be created according to the rule’s definition before you run this API in order to onboard the pending account automatically. The reconcile account must be associated to the platform that is defined in the rule.\r\nThe user who runs this web service must belong to the following group:\r\n- Vault Admins" | |
operationId: addOnboardingRule | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
DecisionPlatformId: | |
type: string | |
example: WinLocalAccount | |
DecisionSafeName: | |
type: string | |
example: "{{Safe}}" | |
IsAdminUIDFilter: | |
type: string | |
example: "true" | |
MachineTypeFilter: | |
type: string | |
example: Server | |
SystemTypeFilter: | |
type: string | |
example: Windows | |
UserNameFilter: | |
type: string | |
example: "" | |
example: | |
DecisionPlatformId: WinLocalAccount | |
DecisionSafeName: "{{Safe}}" | |
IsAdminUIDFilter: "true" | |
MachineTypeFilter: Server | |
SystemTypeFilter: Windows | |
UserNameFilter: "" | |
responses: | |
"200": | |
description: "" | |
/PasswordVault/api/AutomaticOnboardingRules/: | |
get: | |
tags: | |
- Onboarding Rules | |
summary: Get Onboarding Rule | |
description: "This method returns information about all the defined onboarding rules.\r\nThe user who runs this web service must belong to the following group:\r\n- Vault Admins" | |
operationId: getOnboardingRule | |
responses: | |
"200": | |
description: "" | |
delete: | |
tags: | |
- Onboarding Rules | |
summary: Delete Onboarding Rule | |
description: "This method deletes an automatic onboarding rule from the Vault.\r\nThe user who runs this web service must belong to the following group:\r\n- Vault Admins" | |
operationId: deleteOnboardingRule | |
parameters: | |
- name: id | |
in: query | |
schema: | |
type: string | |
example: "1" | |
requestBody: | |
content: | |
application/octet-stream: | |
schema: | |
type: string | |
responses: | |
"200": | |
description: "" | |
/PasswordVault/api/Configuration/AuthenticationMethods: | |
get: | |
tags: | |
- Authentication | |
- Authentication Methods Config | |
summary: Get Authentication Methods | |
description: This method returns a list of all existing authentication methods. Any user who is a member of the Vault admins group can run this web service. | |
operationId: getAuthenticationMethods | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache,no-store, no-cache, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "1674" | |
Date: | |
schema: | |
type: string | |
example: "Thu, 24 Sep 2020 00:43:30 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: "no-cache,no-cache" | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; SameSite=None; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
Methods: | |
type: array | |
items: | |
type: object | |
properties: | |
displayName: | |
type: string | |
example: "" | |
enabled: | |
type: boolean | |
example: false | |
id: | |
type: string | |
example: windows | |
logoffUrl: | |
type: string | |
example: "" | |
mobileEnabled: | |
type: boolean | |
example: false | |
passwordFieldLabel: | |
type: string | |
example: "" | |
secondFactorAuth: | |
type: string | |
nullable: true | |
example: ~ | |
signInLabel: | |
type: string | |
example: "" | |
usernameFieldLabel: | |
type: string | |
example: "" | |
example: | |
- displayName: "" | |
enabled: false | |
id: windows | |
logoffUrl: "" | |
mobileEnabled: false | |
passwordFieldLabel: "" | |
secondFactorAuth: ~ | |
signInLabel: "" | |
usernameFieldLabel: "" | |
- displayName: "" | |
enabled: false | |
id: pki | |
logoffUrl: "" | |
mobileEnabled: false | |
passwordFieldLabel: "" | |
secondFactorAuth: ~ | |
signInLabel: "" | |
usernameFieldLabel: "" | |
- displayName: "" | |
enabled: true | |
id: cyberark | |
logoffUrl: "" | |
mobileEnabled: true | |
passwordFieldLabel: "" | |
secondFactorAuth: cyberark | |
signInLabel: "" | |
usernameFieldLabel: "" | |
- displayName: "" | |
enabled: false | |
id: oraclesso | |
logoffUrl: "http://[ssoserver]:7777/sso/logout?p_done_url=http://[iisserver]/PasswordVault" | |
mobileEnabled: false | |
passwordFieldLabel: "" | |
secondFactorAuth: ~ | |
signInLabel: "" | |
usernameFieldLabel: "" | |
- displayName: "" | |
enabled: false | |
id: rsa | |
logoffUrl: /WebID/IISWebAgentIF.dll?logoff?referrer=/passwordvault | |
mobileEnabled: false | |
passwordFieldLabel: "" | |
secondFactorAuth: ~ | |
signInLabel: "" | |
usernameFieldLabel: "" | |
- displayName: Duo (RADIUS) | |
enabled: true | |
id: radius | |
logoffUrl: "" | |
mobileEnabled: true | |
passwordFieldLabel: "" | |
secondFactorAuth: radius | |
signInLabel: "" | |
usernameFieldLabel: "" | |
- displayName: "" | |
enabled: true | |
id: ldap | |
logoffUrl: "" | |
mobileEnabled: true | |
passwordFieldLabel: "" | |
secondFactorAuth: ~ | |
signInLabel: "" | |
usernameFieldLabel: "" | |
- displayName: IDaptive SAML | |
enabled: true | |
id: saml | |
logoffUrl: "https://tentantid.my.idaptive.app/applogout/appkey/acredacted/customerid/redacted" | |
mobileEnabled: false | |
passwordFieldLabel: "" | |
secondFactorAuth: ~ | |
signInLabel: "" | |
usernameFieldLabel: "" | |
examples: | |
200 OK: | |
value: | |
Methods: | |
- displayName: "" | |
enabled: false | |
id: windows | |
logoffUrl: "" | |
mobileEnabled: false | |
passwordFieldLabel: "" | |
secondFactorAuth: ~ | |
signInLabel: "" | |
usernameFieldLabel: "" | |
- displayName: "" | |
enabled: false | |
id: pki | |
logoffUrl: "" | |
mobileEnabled: false | |
passwordFieldLabel: "" | |
secondFactorAuth: ~ | |
signInLabel: "" | |
usernameFieldLabel: "" | |
- displayName: "" | |
enabled: true | |
id: cyberark | |
logoffUrl: "" | |
mobileEnabled: true | |
passwordFieldLabel: "" | |
secondFactorAuth: cyberark | |
signInLabel: "" | |
usernameFieldLabel: "" | |
- displayName: "" | |
enabled: false | |
id: oraclesso | |
logoffUrl: "http://[ssoserver]:7777/sso/logout?p_done_url=http://[iisserver]/PasswordVault" | |
mobileEnabled: false | |
passwordFieldLabel: "" | |
secondFactorAuth: ~ | |
signInLabel: "" | |
usernameFieldLabel: "" | |
- displayName: "" | |
enabled: false | |
id: rsa | |
logoffUrl: /WebID/IISWebAgentIF.dll?logoff?referrer=/passwordvault | |
mobileEnabled: false | |
passwordFieldLabel: "" | |
secondFactorAuth: ~ | |
signInLabel: "" | |
usernameFieldLabel: "" | |
- displayName: Duo (RADIUS) | |
enabled: true | |
id: radius | |
logoffUrl: "" | |
mobileEnabled: true | |
passwordFieldLabel: "" | |
secondFactorAuth: radius | |
signInLabel: "" | |
usernameFieldLabel: "" | |
- displayName: "" | |
enabled: true | |
id: ldap | |
logoffUrl: "" | |
mobileEnabled: true | |
passwordFieldLabel: "" | |
secondFactorAuth: ~ | |
signInLabel: "" | |
usernameFieldLabel: "" | |
- displayName: IDaptive SAML | |
enabled: true | |
id: saml | |
logoffUrl: "https://tentantid.my.idaptive.app/applogout/appkey/acredacted/customerid/redacted" | |
mobileEnabled: false | |
passwordFieldLabel: "" | |
secondFactorAuth: ~ | |
signInLabel: "" | |
usernameFieldLabel: "" | |
post: | |
tags: | |
- Authentication | |
- Authentication Methods Config | |
summary: Add Authentication Method | |
description: This method adds a new authentication method. Any user who is a member of the Vault admins group can run this web service. | |
operationId: addAuthenticationMethod | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
displayName: | |
type: string | |
example: IDaptive SAML | |
enabled: | |
type: boolean | |
example: true | |
id: | |
type: string | |
example: saml | |
logoffUrl: | |
type: string | |
example: "https://domain.com/idp/logoff" | |
mobileEnabled: | |
type: boolean | |
example: false | |
passwordFieldLabel: | |
type: string | |
example: "" | |
secondFactorAuth: | |
nullable: true | |
example: ~ | |
signInLabel: | |
type: string | |
example: "" | |
usernameFieldLabel: | |
type: string | |
example: "" | |
example: | |
displayName: IDaptive SAML | |
enabled: true | |
id: saml | |
logoffUrl: "https://domain.com/idp/logoff" | |
mobileEnabled: false | |
passwordFieldLabel: "" | |
secondFactorAuth: ~ | |
signInLabel: "" | |
usernameFieldLabel: "" | |
responses: | |
"200": | |
description: "" | |
"/PasswordVault/api/Configuration/AuthenticationMethods/{authID}": | |
get: | |
tags: | |
- Authentication | |
- Authentication Methods Config | |
summary: Get Specific Authentication Method | |
description: This method returns a specific authentication method. Any user who is a member of the Vault Admins group can run this web service. | |
operationId: getSpecificAuthenticationMethod | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache,no-store, no-cache, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "288" | |
Date: | |
schema: | |
type: string | |
example: "Thu, 24 Sep 2020 00:45:20 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: "no-cache,no-cache" | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; SameSite=None; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
displayName: | |
type: string | |
example: IDaptive SAML | |
enabled: | |
type: boolean | |
example: true | |
id: | |
type: string | |
example: saml | |
logoffUrl: | |
type: string | |
example: "https://tenantid.my.idaptive.app/applogout/appkey/acredacted/customerid/redacted" | |
mobileEnabled: | |
type: boolean | |
example: false | |
passwordFieldLabel: | |
type: string | |
example: "" | |
secondFactorAuth: | |
nullable: true | |
example: ~ | |
signInLabel: | |
type: string | |
example: "" | |
usernameFieldLabel: | |
type: string | |
example: "" | |
examples: | |
200 OK: | |
value: | |
displayName: IDaptive SAML | |
enabled: true | |
id: saml | |
logoffUrl: "https://tenantid.my.idaptive.app/applogout/appkey/acredacted/customerid/redacted" | |
mobileEnabled: false | |
passwordFieldLabel: "" | |
secondFactorAuth: ~ | |
signInLabel: "" | |
usernameFieldLabel: "" | |
put: | |
tags: | |
- Authentication | |
- Authentication Methods Config | |
summary: Update Authentication Method | |
description: This method updates the properties for a specific authentication method. Any user who is a member of the Vault admins group can run this web service. | |
operationId: updateAuthenticationMethod | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
displayName: | |
type: string | |
example: "" | |
enabled: | |
type: boolean | |
example: true | |
logoffUrl: | |
type: string | |
example: "https://domain.com/idp/logoff" | |
mobileEnabled: | |
type: boolean | |
example: false | |
passwordFieldLabel: | |
type: string | |
example: "" | |
secondFactorAuth: | |
nullable: true | |
example: ~ | |
signInLabel: | |
type: string | |
example: "" | |
usernameFieldLabel: | |
type: string | |
example: "" | |
example: | |
displayName: "" | |
enabled: true | |
logoffUrl: "https://domain.com/idp/logoff" | |
mobileEnabled: false | |
passwordFieldLabel: "" | |
secondFactorAuth: ~ | |
signInLabel: "" | |
usernameFieldLabel: "" | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: authID | |
in: path | |
required: true | |
schema: | |
type: string | |
/PasswordVault/api/Configuration/LDAP/Directories: | |
get: | |
tags: | |
- LDAP Integration | |
- LDAP Directories | |
summary: Get Directories | |
description: "This method returns a list of existing directories in the Vault. Each directory will be returned with its own data.\n\nTo run this web service, the user must be a member of the Vault Admins group." | |
operationId: getDirectories | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "80" | |
Date: | |
schema: | |
type: string | |
example: "Sun, 11 Nov 2018 21:24:35 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/10.0 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: array | |
items: | |
type: object | |
properties: | |
DomainBaseContext: | |
type: string | |
example: "DC=cyberarkdemo,DC=com" | |
DomainName: | |
type: string | |
example: cyberarkdemo.com | |
example: | |
- DomainBaseContext: "DC=cyberarkdemo,DC=com" | |
DomainName: cyberarkdemo.com | |
examples: | |
200 OK: | |
value: | |
- DomainBaseContext: "DC=cyberarkdemo,DC=com" | |
DomainName: cyberarkdemo.com | |
post: | |
tags: | |
- LDAP Integration | |
- LDAP Directories | |
summary: Create Directory | |
description: "This method creates a directory in the Vault. Any user who is a member of the Vault Admins group can run this web service.\n\nCreating a new directory in the Vault sets up an automated process that obtains user identification and security information via LDAP, and that automatically provisions Vault users based on the external user account, group membership, and attributes." | |
operationId: createDirectory | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
BindPassword: | |
type: string | |
example: string | |
                BindUsername:
                  type: string
                  example: string
                DirectoryType:
                  type: string
                  example: MicrosoftADProfile.ini
                DomainBaseContext:
                  type: string
                  example: string
                DomainName:
                  type: string
                  example: string
                HostAddresses:
                  type: array
                  items:
                    type: string
                    example: string
                  example:
                    - string
                Port:
                  type: number
                  example: 389
            example:
              BindPassword: string
              BindUsername: string
              DirectoryType: MicrosoftADProfile.ini
              DomainBaseContext: string
              DomainName: string
              HostAddresses:
                - string
              Port: 389
      responses:
        "201":
          description: 200 OK
          headers:
            Access-Control-Expose-Headers:
              schema:
                type: string
                example: Warning
            Cache-Control:
              schema:
                type: string
                example: "no-cache, no-store, must-revalidate"
            Content-Length:
              schema:
                type: string
                example: "829"
            Date:
              schema:
                type: string
                example: "Fri, 14 Dec 2018 19:51:00 GMT"
            Expires:
              schema:
                type: string
                example: "-1"
            Pragma:
              schema:
                type: string
                example: no-cache
            Server:
              schema:
                type: string
                example: Microsoft-IIS/10.0
            Set-Cookie:
              schema:
                type: string
                example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
            Strict-Transport-Security:
              schema:
                type: string
                example: max-age=31536000; includeSubDomains
            X-Content-Type-Options:
              schema:
                type: string
                example: nosniff
            X-FRAME-Options:
              schema:
                type: string
                example: SAMEORIGIN
            X-UA-Compatible:
              schema:
                type: string
                example: IE=EmulateIE8
            X-XSS-Protection:
              schema:
                type: string
                example: 1; mode=block
          content:
            application/json:
              schema:
                type: object
                properties:
                  AdditionalQueryFilterOptimize:
                    type: boolean
                    example: false
                  AppendFriendlyDomainNameToGroup:
                    type: boolean
                    example: false
                  Authentication:
                    type: boolean
                    example: false
                  BindPassword:
                    type: string
                    example: Cyberark1
                  BindUsername:
                    type: string
                    example: Svc_PAS_ADBind
                  ClientBrowsing:
                    type: boolean
                    example: false
                  DCList:
                    nullable: true
                    example: ~
                  DirectoryType:
                    type: string
                    example: MicrosoftADProfile.ini
                  DisablePaging:
                    type: boolean
                    example: false
                  DisableUserEnumeration:
                    type: boolean
                    example: false
                  DomainBaseContext:
                    type: string
                    example: "DC=cyberarkdemo,DC=com"
                  DomainName:
                    type: string
                    example: cyberarkdemo.com
                  ExternalObjectCreation:
                    type: boolean
                    example: false
                  HostAddresses:
                    type: array
                    items:
                      type: string
                      example: 192.168.3.50
                    example:
                      - 192.168.3.50
                  LDAPDirectoryDescription:
                    nullable: true
                    example: ~
                  LDAPDirectoryGroupBaseContext:
                    nullable: true
                    example: ~
                  LDAPDirectoryName:
                    nullable: true
                    example: ~
                  LDAPDirectoryQueryOrder:
                    type: number
                    example: 0
                  LDAPDirectoryUsage:
                    nullable: true
                    example: ~
                  PasswordObjectPath:
                    nullable: true
                    example: ~
                  Port:
                    type: number
                    example: 389
                  ProvisionDisabledUsers:
                    type: boolean
                    example: false
                  ReferralsChasingHopLimit:
                    type: number
                    example: 0
                  ReferralsDNSLookup:
                    type: boolean
                    example: false
                  RequireReferredDirectoryDefinition:
                    type: boolean
                    example: false
                  SSLConnect:
                    type: boolean
                    example: false
                  UseLDAPCertificatesOnly:
                    type: boolean
                    example: false
                  VaultObjectNamesPrefix:
                    nullable: true
                    example: ~
              examples:
                200 OK:
                  value:
                    AdditionalQueryFilterOptimize: false
                    AppendFriendlyDomainNameToGroup: false
                    Authentication: false
                    BindPassword: Cyberark1
                    BindUsername: Svc_PAS_ADBind
                    ClientBrowsing: false
                    DCList: ~
                    DirectoryType: MicrosoftADProfile.ini
                    DisablePaging: false
                    DisableUserEnumeration: false
                    DomainBaseContext: "DC=cyberarkdemo,DC=com"
                    DomainName: cyberarkdemo.com
                    ExternalObjectCreation: false
                    HostAddresses:
                      - 192.168.3.50
                    LDAPDirectoryDescription: ~
                    LDAPDirectoryGroupBaseContext: ~
                    LDAPDirectoryName: ~
                    LDAPDirectoryQueryOrder: 0
                    LDAPDirectoryUsage: ~
                    PasswordObjectPath: ~
                    Port: 389
                    ProvisionDisabledUsers: false
                    ReferralsChasingHopLimit: 0
                    ReferralsDNSLookup: false
                    RequireReferredDirectoryDefinition: false
                    SSLConnect: false
                    UseLDAPCertificatesOnly: false
                    VaultObjectNamesPrefix: ~
  "/PasswordVault/api/Configuration/LDAP/Directories/{DirectoryUID}/Mappings":
    get:
      tags:
        - LDAP Integration
        - LDAP Mappings
      summary: Get Directory Mapping List
      description: "This method returns a list of existing directory mappings in the Vault.\n\nTo run this web service, the user must be a member of the Vault Admins group and have the following permissions:\n\n* Manage Directory Mapping"
      operationId: getDirectoryMappingList
      responses:
        "200":
          description: ""
    post:
      tags:
        - LDAP Integration
        - LDAP Mappings
      summary: Create Directory Mapping
      description: "This method creates a directory mapping in the Vault.\n\nTo run this web service, the user must be a member of the Vault Admins group and have the following permissions:\n\n* Audit Users\n* Add/Update users\n* Manage Directory Mapping"
      operationId: createDirectoryMapping
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                DomainGroups:
                  type: array
                  items:
                    type: string
                    example: TestDomainGroup
                  example:
                    - TestDomainGroup
                LDAPBranch:
                  type: string
                  example: "OU=Test,DC=cyberarkdemo,DC=com"
                MappingAuthorizations:
                  type: array
                  items:
                    type: number
                    example: 1
                  example:
                    - 1
                MappingName:
                  type: string
                  example: Test
            example:
              DomainGroups:
                - TestDomainGroup
              LDAPBranch: "OU=Test,DC=cyberarkdemo,DC=com"
              MappingAuthorizations:
                - 1
              MappingName: Test
      responses:
        "200":
          description: ""
    parameters:
      - name: DirectoryUID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/api/Configuration/LDAP/Directories/{DirectoryUID}/Mappings/Reorder":
    post:
      tags:
        - LDAP Integration
        - LDAP Mappings
      summary: Reorder Directory Mappings
      description: "This method modifies the order of all mappings that belong to a certain directory.\n\nModifying the order of the mappings changes their priority.\n\nTo run this Web service, you must be a member of the Vault Admins group and have the following permissions:\n\n* Audit users\n* Add/Update users\n* Manage Directory mappings"
      operationId: reorderDirectoryMappings
      requestBody:
        content:
          text/plain:
            schema:
              type: string
              example: "{\n\t\"MappingsOrder\": [ <mapping id 1>, <mapping id 2>, ..., <mapping id N> ]\n}"
      responses:
        "200":
          description: ""
    parameters:
      - name: DirectoryUID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/api/Configuration/LDAP/Directories/{DirectoryUID}/Mappings/{MappingID}":
    get:
      tags:
        - LDAP Integration
        - LDAP Mappings
      summary: Get Mapping Details
      description: "This method returns all the details of specific directory mapping that is defined in the Vault.\n\nTo run this web service, the user must be a member of the Vault Admins group and have the following permissions:\n\n* Add/Update users\n* Manage Directory Mapping"
      operationId: getMappingDetails
      responses:
        "200":
          description: ""
    put:
      tags:
        - LDAP Integration
        - LDAP Mappings
      summary: Edit Directory Mapping
      description: "This method edits an existing directory mapping.\n\nTo run this web service, the user must be a member of the Vault Admins group and have the following permissions:\n\n* Audit users\n* Add/Update users\n* Manage Directory Mapping"
      operationId: editDirectoryMapping
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                AuthenticationMethod:
                  type: array
                  items:
                    type: string
                    example: AuthTypePass
                  example:
                    - AuthTypePass
                DirectoryMappingOrder:
                  type: number
                  example: 0
                DisableUser:
                  type: boolean
                  example: true
                DomainGroups:
                  type: array
                  items:
                    type: string
                    example: string
                  example:
                    - string
                LDAPBranch:
                  type: string
                  example: string
                LDAPQuery:
                  type: string
                  example: string
                Location:
                  type: string
                  example: string
                LogonFromHour:
                  type: number
                  example: 0
                LogonToHour:
                  type: number
                  example: 0
                MappingAuthorizations:
                  type: array
                  items:
                    type: string
                    example: AddUpdateUsers
                  example:
                    - AddUpdateUsers
                MappingID:
                  type: number
                  example: 0
                MappingName:
                  type: string
                  example: string
                UserActivityLogPeriod:
                  type: number
                  example: 0
                UserExpiration:
                  type: number
                  example: 0
                UserType:
                  type: string
                  example: string
                VaultGroups:
                  type: array
                  items:
                    type: string
                    example: string
                  example:
                    - string
            example:
              AuthenticationMethod:
                - AuthTypePass
              DirectoryMappingOrder: 0
              DisableUser: true
              DomainGroups:
                - string
              LDAPBranch: string
              LDAPQuery: string
              Location: string
              LogonFromHour: 0
              LogonToHour: 0
              MappingAuthorizations:
                - AddUpdateUsers
              MappingID: 0
              MappingName: string
              UserActivityLogPeriod: 0
              UserExpiration: 0
              UserType: string
              VaultGroups:
                - string
      responses:
        "200":
          description: ""
    delete:
      tags:
        - LDAP Integration
        - LDAP Mappings
      summary: Delete Directory Mapping
      description: "This method deletes a specific directory mapping.\n\nTo run this method you must:\n\n* Be a member of Vault Admin group and have the Manage Directory Mapping authorization.\n* Have at least all the authorizations that the mapping has.\n \t\n**Note:** After a mapping is deleted, LDAP users created in the Vault and are mapped to this mapping, are automatically deleted from the vault during the next periodic LDAP sync. For details, see [Synchronize External Users and Groups in the Vault with the External Directory](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PAS%20INST/Synchronizing-External-Users-and-Groups-in-the-Vault-with-the-External-Directory.htm)"
      operationId: deleteDirectoryMapping
      requestBody:
        content:
          text/plain:
            schema:
              type: string
              example: ""
      responses:
        "200":
          description: ""
    parameters:
      - name: DirectoryUID
        in: path
        required: true
        schema:
          type: string
      - name: MappingID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/api/Configuration/LDAP/Directories/{LDAPID}":
    delete:
      tags:
        - LDAP Integration
        - LDAP Directories
      summary: Delete Directory
      description: "This method deletes a specific directory configuration in the Vault and its mappings.\n\nTo run this web service, the user must be a member of the Vault Admins group and have the following permissions:\n\n* Audit users\n* Add/Update users\n* Manage Directory mappings\n* Add Safes\n* Reset Users' Passwords\n* Activate Users\n* Add Network Areas\n* Manage Server File Categories\n* Backup All Safes\n* Restore All Safes\n\n**Caution:** After a mapping has been deleted, all LDAP users that were created in the Vault and are mapped to that mapping will be automatically deleted in the Vault during the next periodic LDAP synchronization."
      operationId: deleteDirectory
      responses:
        "200":
          description: ""
    parameters:
      - name: LDAPID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/api/Configuration/LDAP/Directories/{LDAPID}/":
    get:
      tags:
        - LDAP Integration
        - LDAP Directories
      summary: Get Directory Details
      description: "This method returns all the details of a specific directory in the Vault. Each directory will be returned with its own data.\n\nTo run this web service, the user must be a member of the Vault Admins group and have the following permission:\n\n* Audit Users"
      operationId: getDirectoryDetails
      responses:
        "200":
          description: 200 OK
          headers:
            Access-Control-Expose-Headers:
              schema:
                type: string
                example: Warning
            Cache-Control:
              schema:
                type: string
                example: "no-cache, no-store, must-revalidate"
            Content-Length:
              schema:
                type: string
                example: "926"
            Date:
              schema:
                type: string
                example: "Wed, 21 Nov 2018 02:20:16 GMT"
            Expires:
              schema:
                type: string
                example: "-1"
            Pragma:
              schema:
                type: string
                example: no-cache
            Server:
              schema:
                type: string
                example: Microsoft-IIS/10.0
            Set-Cookie:
              schema:
                type: string
                example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
            Strict-Transport-Security:
              schema:
                type: string
                example: max-age=31536000; includeSubDomains
            X-Content-Type-Options:
              schema:
                type: string
                example: nosniff
            X-FRAME-Options:
              schema:
                type: string
                example: SAMEORIGIN
            X-UA-Compatible:
              schema:
                type: string
                example: IE=EmulateIE8
            X-XSS-Protection:
              schema:
                type: string
                example: 1; mode=block
          content:
            application/json:
              schema:
                type: object
                properties:
                  AdditionalQueryFilterOptimize:
                    type: boolean
                    example: true
                  AppendFriendlyDomainNameToGroup:
                    type: boolean
                    example: false
                  Authentication:
                    type: boolean
                    example: true
                  BindPassword:
                    type: string
                    example: ""
                  BindUsername:
                    type: string
                    example: Svc_CyberArkLDAPBind
                  ClientBrowsing:
                    type: boolean
                    example: true
                  DCList:
                    type: array
                    items:
                      type: object
                      properties:
                        Name:
                          type: string
                          example: 192.168.3.100
                        Port:
                          type: number
                          example: 389
                        SSLConnect:
                          type: boolean
                          example: false
                    example:
                      - Name: 192.168.3.100
                        Port: 389
                        SSLConnect: false
                  DirectoryType:
                    type: string
                    example: MicrosoftADProfile.ini
                  DisablePaging:
                    type: boolean
                    example: false
                  DisableUserEnumeration:
                    type: boolean
                    example: false
                  DomainBaseContext:
                    type: string
                    example: "DC=cyberarkdemo,DC=com"
                  DomainName:
                    type: string
                    example: ""
                  ExternalObjectCreation:
                    type: boolean
                    example: true
                  LDAPDirectoryDescription:
                    type: string
                    example: ""
                  LDAPDirectoryGroupBaseContext:
                    type: string
                    example: "DC=cyberarkdemo,DC=com"
                  LDAPDirectoryName:
                    type: string
                    example: cyberarkdemo.com
                  LDAPDirectoryQueryOrder:
                    type: number
                    example: 1
                  LDAPDirectoryUsage:
                    type: array
                    items:
                      type: string
                      example: ExternalObjectCreation
                    example:
                      - ExternalObjectCreation
                      - ClientBrowsing
                      - Authentication
                  PasswordObjectPath:
                    type: string
                    example: "root\\cyberarkdemo.com.pass"
                  ProvisionDisabledUsers:
                    type: boolean
                    example: false
                  ReferralsChasingHopLimit:
                    type: number
                    example: -1
                  ReferralsDNSLookup:
                    type: boolean
                    example: false
                  RequireReferredDirectoryDefinition:
                    type: boolean
                    example: false
                  SSLConnect:
                    type: boolean
                    example: false
                  UseLDAPCertificatesOnly:
                    type: boolean
                    example: false
                  VaultObjectNamesPrefix:
                    type: string
                    example: ""
              examples:
                200 OK:
                  value:
                    AdditionalQueryFilterOptimize: true
                    AppendFriendlyDomainNameToGroup: false
                    Authentication: true
                    BindPassword: ""
                    BindUsername: Svc_CyberArkLDAPBind
                    ClientBrowsing: true
                    DCList:
                      - Name: 192.168.3.100
                        Port: 389
                        SSLConnect: false
                    DirectoryType: MicrosoftADProfile.ini
                    DisablePaging: false
                    DisableUserEnumeration: false
                    DomainBaseContext: "DC=cyberarkdemo,DC=com"
                    DomainName: ""
                    ExternalObjectCreation: true
                    LDAPDirectoryDescription: ""
                    LDAPDirectoryGroupBaseContext: "DC=cyberarkdemo,DC=com"
                    LDAPDirectoryName: cyberarkdemo.com
                    LDAPDirectoryQueryOrder: 1
                    LDAPDirectoryUsage:
                      - ExternalObjectCreation
                      - ClientBrowsing
                      - Authentication
                    PasswordObjectPath: "root\\cyberarkdemo.com.pass"
                    ProvisionDisabledUsers: false
                    ReferralsChasingHopLimit: -1
                    ReferralsDNSLookup: false
                    RequireReferredDirectoryDefinition: false
                    SSLConnect: false
                    UseLDAPCertificatesOnly: false
                    VaultObjectNamesPrefix: ""
    parameters:
      - name: LDAPID
        in: path
        required: true
        schema:
          type: string
  /PasswordVault/api/DiscoveredAccounts:
    post:
      tags:
        - Accounts
        - Discovered Accounts
        - v1 API12
      summary: Add Discovered Accounts (v10.5-v10.7)
      description: "This RPC service adds newly discovered accounts.\n\nThe discovered account is onboarded according to matching onboarding rules or added directly to the Pending Accounts list.\n\nIf the account already exists in the Pending Account list, it will be updated as needed.\n\nIf onboarding failed for any reason, the account will be added to the Pending Accounts list.\n\nThe user who runs this web service requires the following users and permissions:\n\nTo add pending accounts:\n\n* **User:** Owner of PasswordManager_Pending Safe\n* **Permissions:**\n * Add account\n * Update account properties\n\nTo onboard the account:\n\n* **User:** Owner of the target Safe of the onboarding rule.\n* **Permissions:**\n * Add account\n * Update account properties\n * Initiate CPM account management operations"
      operationId: addDiscoveredAccountsV105V107
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                OrganizationalUnit:
                  type: string
                  example: "CN=WINSERVER, OU=QA testing,DC=IT,DC=com"
                accountEnabled:
                  type: boolean
                  example: true
                additionalProperties:
                  type: object
                  properties:
                    Port:
                      type: number
                      example: 445
                    UserDN:
                      type: string
                      example: "CN=user1,CN=Users,DC=example,DC=com"
                address:
                  type: string
                  example: win8.IT.com
                description:
                  type: string
                  example: User Description
                domain:
                  type: string
                  example: MyDomain.com
                lastLogonDateTime:
                  type: string
                  example: "1530635686"
                lastPasswordSetDateTime:
                  type: string
                  example: "1530635686"
                osFamily:
                  type: string
                  example: Server
                osGroups:
                  type: string
                  example: "Backup Operators,IIS_IUSRS,Network Configuration Operators"
                osVersion:
                  type: string
                  example: Windows Server 2012 R2 Standard
                passwordExpirationDateTime:
                  type: string
                  example: "1530635686"
                passwordNeverExpires:
                  type: boolean
                  example: false
                platformType:
                  type: string
                  example: Windows Server Local
                platformTypeAccountProperties:
                  type: object
                  properties:
                    SID:
                      type: string
                      example: S-1-5-21-304654729-3147011263-1431158397-3154
                privileged:
                  type: boolean
                  example: false
                userDisplayName:
                  type: string
                  example: User Display Name
                userName:
                  type: string
                  example: user_dd
            example:
              OrganizationalUnit: "CN=WINSERVER, OU=QA testing,DC=IT,DC=com"
              accountEnabled: true
              additionalProperties:
                Port: 445
                UserDN: "CN=user1,CN=Users,DC=example,DC=com"
              address: win8.IT.com
              description: User Description
              domain: MyDomain.com
              lastLogonDateTime: "1530635686"
              lastPasswordSetDateTime: "1530635686"
              osFamily: Server
              osGroups: "Backup Operators,IIS_IUSRS,Network Configuration Operators"
              osVersion: Windows Server 2012 R2 Standard
              passwordExpirationDateTime: "1530635686"
              passwordNeverExpires: false
              platformType: Windows Server Local
              platformTypeAccountProperties:
                SID: S-1-5-21-304654729-3147011263-1431158397-3154
              privileged: false
              userDisplayName: User Display Name
              userName: user_dd
      responses:
        "200":
          description: ""
  "/PasswordVault/api/LiveSessions/{LiveSessionID}/Monitor":
    get:
      tags:
        - Monitor Sessions
        - Session Actions
      summary: Monitor a Live Session
      description: "This method enables you to monitor an active PSM session using a connection method defined in the PVWA. For details on configuration, see [Active session monitoring settings](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Configuring-Live-Session-Monitoring.htm#ActiveSessionMonitoringSettings).\n\nA response header defines which connection method is returned.\n\nFor details, see [Privileged Session Management Interface](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Configuring-the-Privileged-Session-Management-Interface.htm)."
      operationId: monitorALiveSession
      responses:
        "200":
          description: ""
    parameters:
      - name: LiveSessionID
        in: path
        required: true
        schema:
          type: string
  "/PasswordVault/api/Platforms/{PlatformName}/Safes":
    get:
      tags:
        - Safes
      summary: Get Safe by Platform ID
      description: This method returns all the safes according to the platform ID.
      operationId: getSafeByPlatformId
      responses:
        "200":
          description: ""
    parameters:
      - name: PlatformName
        in: path
        required: true
        schema:
          type: string
  /PasswordVault/api/Safes:
    get:
      tags:
        - Safes
        - v2 API1234
      summary: List Safes
      description: This method returns information about all of the user’s Safes in the Vault.
      operationId: listSafes
      responses:
        "200":
          description: 200 OK
          headers:
            Access-Control-Expose-Headers:
              schema:
                type: string
                example: Warning
            Cache-Control:
              schema:
                type: string
                example: "no-cache, no-store, must-revalidate"
            Content-Length:
              schema:
                type: string
                example: "4385"
            Date:
              schema:
                type: string
                example: "Sun, 11 Nov 2018 21:15:54 GMT"
            Expires:
              schema:
                type: string
                example: "-1"
            Pragma:
              schema:
                type: string
                example: no-cache
            Server:
              schema:
                type: string
                example: Microsoft-IIS/10.0
            Set-Cookie:
              schema:
                type: string
                example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
            Strict-Transport-Security:
              schema:
                type: string
                example: max-age=31536000; includeSubDomains
            X-Content-Type-Options:
              schema:
                type: string
                example: nosniff
            X-FRAME-Options:
              schema:
                type: string
                example: SAMEORIGIN
            X-UA-Compatible:
              schema:
                type: string
                example: IE=EmulateIE8
            X-XSS-Protection:
              schema:
                type: string
                example: 1; mode=block
          content:
            application/json:
              schema:
                type: object
                properties:
                  GetSafesResult:
                    type: array
                    items:
                      type: object
                      properties:
                        Description:
                          type: string
                          nullable: true
                          example: ~
                        ManagingCPM:
                          type: string
                          example: PasswordManagerNG
                        NumberOfDaysRetention:
                          nullable: true
                          example: ~
                        NumberOfVersionsRetention:
                          type: number
                          example: 0
                        OLACEnabled:
                          type: boolean
                          example: false
                        SafeName:
                          type: string
                          example: AccountsFeedADAccounts
                    example:
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: AccountsFeedADAccounts
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: AccountsFeedDiscoveryLogs
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: D-CYBR-RESTAPI-ACCTS
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: D-LIN-ADMIN-USERS
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: D-LIN-ROOT-SSHKEYS
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: D-MYSQL-LOCAL-USERS
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: D-QUALYS-ACCTS
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: D-TENABLE-ACCTS
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: D-TEST-SAFE
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: Notification Engine
                      - Description: ""
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 5
                        OLACEnabled: false
                        SafeName: P-WIN-LOCAL-ADMIN
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PasswordManager
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PasswordManager_Info
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PasswordManager_Pending
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PasswordManagerNG
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PasswordManagerNG_Info
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PasswordManagerShared
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PSMPADBridgeCustom
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: true
                        SafeName: PSMPADBUserProfile
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PSMUniversalConnectors
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: true
                        SafeName: PSMUnmanagedSessionAccounts
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PVWAConfig
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PVWAPublicData
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: true
                        SafeName: PVWAReports
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: true
                        SafeName: PVWATaskDefinitions
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PVWATicketingSystem
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PVWAUserPrefs
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: VaultInternal
              examples:
                200 OK:
                  value:
                    GetSafesResult:
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: AccountsFeedADAccounts
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: AccountsFeedDiscoveryLogs
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: D-CYBR-RESTAPI-ACCTS
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: D-LIN-ADMIN-USERS
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: D-LIN-ROOT-SSHKEYS
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: D-MYSQL-LOCAL-USERS
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: D-QUALYS-ACCTS
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: D-TENABLE-ACCTS
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: D-TEST-SAFE
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: Notification Engine
                      - Description: ""
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 5
                        OLACEnabled: false
                        SafeName: P-WIN-LOCAL-ADMIN
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PasswordManager
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PasswordManager_Info
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PasswordManager_Pending
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PasswordManagerNG
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PasswordManagerNG_Info
                      - Description: ~
                        ManagingCPM: PasswordManagerNG
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PasswordManagerShared
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PSMPADBridgeCustom
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: true
                        SafeName: PSMPADBUserProfile
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PSMUniversalConnectors
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: true
                        SafeName: PSMUnmanagedSessionAccounts
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PVWAConfig
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PVWAPublicData
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: true
                        SafeName: PVWAReports
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: true
                        SafeName: PVWATaskDefinitions
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PVWATicketingSystem
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: PVWAUserPrefs
                      - Description: ~
                        ManagingCPM: ""
                        NumberOfDaysRetention: ~
                        NumberOfVersionsRetention: 0
                        OLACEnabled: false
                        SafeName: VaultInternal
  "/PasswordVault/api/Safes/{Safe}":
    get:
      tags:
        - Safes
        - v2 API1234
      summary: Get Safe Details
      description: This method returns information about a specific Safe in the Vault.
      operationId: getSafeDetails
      responses:
        "200":
          description: 200 OK
          headers:
            Access-Control-Expose-Headers:
              schema:
                type: string
                example: Warning
            Cache-Control:
              schema:
                type: string
                example: "no-cache, no-store, must-revalidate"
            Content-Length:
              schema:
                type: string
                example: "180"
            Date:
              schema:
                type: string
                example: "Sun, 11 Nov 2018 21:16:41 GMT"
            Expires:
              schema:
                type: string
                example: "-1"
            Pragma:
              schema:
                type: string
                example: no-cache
            Server:
              schema:
                type: string
                example: Microsoft-IIS/10.0
            Set-Cookie:
              schema:
                type: string
                example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly
            Strict-Transport-Security:
              schema:
                type: string
                example: max-age=31536000; includeSubDomains
            X-Content-Type-Options:
              schema:
                type: string
                example: nosniff
            X-FRAME-Options:
              schema:
                type: string
                example: SAMEORIGIN
            X-UA-Compatible:
              schema:
                type: string
                example: IE=EmulateIE8
            X-XSS-Protection:
              schema:
                type: string
                example: 1; mode=block
          content:
            application/json:
              schema:
                type: object
                properties:
                  GetSafeResult:
                    type: object
                    properties:
                      Description:
                        type: string
                        example: ""
                      ManagingCPM:
                        type: string
                        example: PasswordManagerNG
                      NumberOfDaysRetention:
                        nullable: true
                        example: ~
                      NumberOfVersionsRetention:
                        type: number
                        example: 5
                      OLACEnabled:
                        type: boolean
                        example: false
                      SafeName:
                        type: string
                        example: P-WIN-LOCAL-ADMIN
              examples:
                200 OK:
                  value:
                    GetSafeResult:
                      Description: ""
                      ManagingCPM: PasswordManagerNG
                      NumberOfDaysRetention: ~
                      NumberOfVersionsRetention: 5
                      OLACEnabled: false
                      SafeName: P-WIN-LOCAL-ADMIN
    parameters:
      - name: Safe
        in: path
        required: true
        schema:
          type: string
/PasswordVault/api/UserGroups: | |
get: | |
tags: | |
- User Management | |
- Groups | |
- v2 API123456 | |
summary: Get Groups | |
description: "This method returns a list of all existing user groups.\n\nThe user performing this task:\n\n* Must have **Audit users** permissions in the Safe.\n* Can see groups either **only** on the **same** level, or **lower** in the Vault hierarchy.\n\nThis depends on the HideVaultUsersTree parameter defined in the dbparam.ini. If HideVaultUsersTree is set to **No**, all groups will be returned (not only those in the same level or lower in the Vault hierarchy). If this parameter is set to **Yes**, only auditors and managers will be allowed to get all groups.\n \t\n**Note:**\n* Filtering for this task is supported only from Vault v10.5.\n* Retrieving more than 1,000 groups may cause a slowdown in response." | |
operationId: getGroups | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache, no-store, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "1831" | |
Date: | |
schema: | |
type: string | |
example: "Sun, 11 Nov 2018 21:23:56 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: no-cache | |
Server: | |
schema: | |
type: string | |
example: Microsoft-IIS/10.0 | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
count: | |
type: number | |
example: 16 | |
value: | |
type: array | |
items: | |
type: object | |
properties: | |
description: | |
type: string | |
example: "" | |
directory: | |
type: string | |
example: cyberarkdemo.com | |
dn: | |
type: string | |
example: "CN=CyberArk Vault Admins,OU=Groups,OU=CyberArk,DC=cyberarkdemo,DC=com" | |
groupName: | |
type: string | |
example: CyberArk Vault Admins | |
groupType: | |
type: string | |
example: Directory | |
id: | |
type: number | |
example: 26 | |
location: | |
type: string | |
example: "\\" | |
example: | |
- description: "" | |
directory: cyberarkdemo.com | |
dn: "CN=CyberArk Vault Admins,OU=Groups,OU=CyberArk,DC=cyberarkdemo,DC=com" | |
groupName: CyberArk Vault Admins | |
groupType: Directory | |
id: 26 | |
location: "\\" | |
- description: "" | |
directory: cyberarkdemo.com | |
dn: "CN=CyberArk Auditors,OU=Groups,OU=CyberArk,DC=cyberarkdemo,DC=com" | |
groupName: CyberArk Auditors | |
groupType: Directory | |
id: 27 | |
location: "\\" | |
- description: Auditors group | |
groupName: Auditors | |
groupType: Vault | |
id: 8 | |
location: "\\" | |
- description: Notification Engines group | |
groupName: Notification Engines | |
groupType: Vault | |
id: 12 | |
location: "\\" | |
- description: "" | |
groupName: PVWAMonitor | |
groupType: Vault | |
id: 18 | |
location: "\\" | |
- description: "" | |
groupName: PVWAUsers | |
groupType: Vault | |
id: 19 | |
location: "\\" | |
- description: "" | |
groupName: PVWAGWAccounts | |
groupType: Vault | |
id: 20 | |
location: "\\" | |
- description: "" | |
groupName: PVWAAppUsers | |
groupType: Vault | |
id: 21 | |
location: "\\" | |
- description: "" | |
groupName: PSMMaster | |
groupType: Vault | |
id: 40 | |
location: "\\" | |
- description: "" | |
groupName: PSMAppUsers | |
groupType: Vault | |
id: 41 | |
location: "\\" | |
- description: "" | |
groupName: PSMP_ADB_AppUsers | |
groupType: Vault | |
id: 43 | |
location: "\\" | |
- description: "" | |
groupName: PSMLiveSessionTerminators | |
groupType: Vault | |
id: 48 | |
location: "\\" | |
- description: Backup users group | |
groupName: Backup Users | |
groupType: Vault | |
id: 7 | |
location: "\\System" | |
- description: Operators group | |
groupName: Operators | |
groupType: Vault | |
id: 9 | |
location: "\\System" | |
- description: DR users group | |
groupName: DR Users | |
groupType: Vault | |
id: 10 | |
location: "\\System" | |
- description: Vault Admins group | |
groupName: Vault Admins | |
groupType: Vault | |
id: 11 | |
location: "\\System" | |
examples: | |
200 OK: | |
value: | |
count: 16 | |
value: | |
- description: "" | |
directory: cyberarkdemo.com | |
dn: "CN=CyberArk Vault Admins,OU=Groups,OU=CyberArk,DC=cyberarkdemo,DC=com" | |
groupName: CyberArk Vault Admins | |
groupType: Directory | |
id: 26 | |
location: "\\" | |
- description: "" | |
directory: cyberarkdemo.com | |
dn: "CN=CyberArk Auditors,OU=Groups,OU=CyberArk,DC=cyberarkdemo,DC=com" | |
groupName: CyberArk Auditors | |
groupType: Directory | |
id: 27 | |
location: "\\" | |
- description: Auditors group | |
groupName: Auditors | |
groupType: Vault | |
id: 8 | |
location: "\\" | |
- description: Notification Engines group | |
groupName: Notification Engines | |
groupType: Vault | |
id: 12 | |
location: "\\" | |
- description: "" | |
groupName: PVWAMonitor | |
groupType: Vault | |
id: 18 | |
location: "\\" | |
- description: "" | |
groupName: PVWAUsers | |
groupType: Vault | |
id: 19 | |
location: "\\" | |
- description: "" | |
groupName: PVWAGWAccounts | |
groupType: Vault | |
id: 20 | |
location: "\\" | |
- description: "" | |
groupName: PVWAAppUsers | |
groupType: Vault | |
id: 21 | |
location: "\\" | |
- description: "" | |
groupName: PSMMaster | |
groupType: Vault | |
id: 40 | |
location: "\\" | |
- description: "" | |
groupName: PSMAppUsers | |
groupType: Vault | |
id: 41 | |
location: "\\" | |
- description: "" | |
groupName: PSMP_ADB_AppUsers | |
groupType: Vault | |
id: 43 | |
location: "\\" | |
- description: "" | |
groupName: PSMLiveSessionTerminators | |
groupType: Vault | |
id: 48 | |
location: "\\" | |
- description: Backup users group | |
groupName: Backup Users | |
groupType: Vault | |
id: 7 | |
location: "\\System" | |
- description: Operators group | |
groupName: Operators | |
groupType: Vault | |
id: 9 | |
location: "\\System" | |
- description: DR users group | |
groupName: DR Users | |
groupType: Vault | |
id: 10 | |
location: "\\System" | |
- description: Vault Admins group | |
groupName: Vault Admins | |
groupType: Vault | |
id: 11 | |
location: "\\System" | |
post: | |
tags: | |
- User Management | |
- Groups | |
- v2 API123456 | |
summary: Create Group | |
description: "This method adds a new Vault group.\n\nTo run this Web service, you must have the following permissions:\n\n* Add Users\n* Update Users" | |
operationId: createGroup | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
description: | |
type: string | |
example: The users in this group all have the same authorizations | |
groupName: | |
type: string | |
example: unique-group-name | |
location: | |
type: string | |
example: "\\" | |
example: | |
description: The users in this group all have the same authorizations | |
groupName: unique-group-name | |
location: "\\" | |
responses: | |
"200": | |
description: "" | |
"/PasswordVault/api/UserGroups/{GroupID}": | |
delete: | |
tags: | |
- User Management | |
- Groups | |
- v2 API123456 | |
summary: Delete Group | |
description: "This method deletes a user group.\n\nIn order to delete a user group, the following authorizations are required:\n\n* Add/Update Users\n"
operationId: deleteGroup | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: GroupID | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/api/UserGroups/{GroupID}/Members/": | |
post: | |
tags: | |
- User Management | |
- Groups | |
- v2 API123456 | |
summary: Add User to Group | |
description: "This method adds a user as a member to an existing Vault group. This is relevant for regular Vault users, LDAP mapped groups or LDAP users.\n\nThe user who runs this web service requires the **Add/Update users** permissions in the Vault." | |
operationId: addUserToGroup | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
domainName: | |
type: string | |
example: string | |
memberId: | |
type: string | |
example: string | |
memberType: | |
type: string | |
example: Vault | |
example: | |
domainName: string | |
memberId: string | |
memberType: Vault | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: GroupID | |
in: path | |
required: true | |
schema: | |
type: string | |
"/PasswordVault/api/UserGroups/{GroupID}/Members/{Member}": | |
delete: | |
tags: | |
- User Management | |
- Groups | |
- v2 API123456 | |
summary: Remove User from Group | |
description: This method removes a specific user from a user group in the Vault. | |
operationId: removeUserFromGroup | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: GroupID | |
in: path | |
required: true | |
schema: | |
type: string | |
- name: Member | |
in: path | |
required: true | |
schema: | |
type: string | |
/PasswordVault/api/Users: | |
get: | |
tags: | |
- User Management | |
- Users | |
- v2 API12345 | |
summary: Get Users | |
description: "This method returns a list of all existing users in the Vault except for the Master and the Batch built-in users.\n\nTo run this Web service, you must have the following permissions:\n\n* **Audit users**\n\nYou can retrieve only users on the same level as you or lower in the Vault hierarchy.\n\n**Note:** This Web service returns up to 6000 users in up to 20 seconds. If the number of users is higher, the response time may be higher." | |
operationId: getUsers | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
filter: | |
type: string | |
example: userType or componentUser | |
search: | |
type: string | |
example: "username, first name, or last name" | |
example: | |
filter: userType or componentUser | |
search: "username, first name, or last name" | |
responses: | |
"200": | |
description: "" | |
post: | |
tags: | |
- User Management | |
- Users | |
- v2 API12345 | |
summary: Add User | |
description: "This method adds a new user to the Vault.\n\nTo run this Web service, you must have the following permissions:\n\n* Add Users\n* Update Users" | |
operationId: addUser | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
authenticationMethod: | |
type: array | |
items: | |
type: string | |
example: AuthTypePass | |
example: | |
- AuthTypePass | |
businessAddress: | |
type: object | |
properties: | |
workCity: | |
type: string | |
example: Petah Tikva | |
workCountry: | |
type: string | |
example: Israel | |
workState: | |
type: string | |
example: Israel | |
workStreet: | |
type: string | |
example: Hapssagot 9 | |
workZip: | |
type: string | |
example: "9999999" | |
changePassOnNextLogon: | |
type: boolean | |
example: true | |
description: | |
type: string | |
example: This user is privileged | |
distinguishedName: | |
type: string | |
example: newUser@cyberark | |
enableUser: | |
type: boolean | |
example: true | |
expiryDate: | |
type: number | |
example: 1577836800 | |
initialPassword: | |
type: string | |
example: 123Cyber | |
internet: | |
type: object | |
properties: | |
businessEmail: | |
type: string | |
example: user@cyberark.com | |
homeEmail: | |
type: string | |
example: user@gmail.com | |
homePage: | |
type: string | |
example: Cyberark.com | |
otherEmail: | |
type: string | |
example: user2@gmail.com | |
location: | |
type: string | |
example: "\\" | |
passwordNeverExpires: | |
type: boolean | |
example: true | |
personalDetails: | |
type: object | |
properties: | |
city: | |
type: string | |
example: Tel Aviv | |
country: | |
type: string | |
example: Israel | |
department: | |
type: string | |
example: R&D | |
firstName: | |
type: string | |
example: John | |
lastName: | |
type: string | |
example: Smith | |
middleName: | |
type: string | |
example: Doe | |
organization: | |
type: string | |
example: Cyber ark | |
profession: | |
type: string | |
example: software development | |
state: | |
type: string | |
example: Israel | |
street: | |
type: string | |
example: Dizzengof 56 | |
title: | |
type: string | |
example: Mr. VIP | |
zip: | |
type: string | |
example: "123456" | |
phones: | |
type: object | |
properties: | |
businessNumber: | |
type: string | |
example: "555456789" | |
cellularNumber: | |
type: string | |
example: "555789789" | |
faxNumber: | |
type: string | |
example: "999999" | |
homeNumber: | |
type: string | |
example: "555123456" | |
pagerNumber: | |
type: string | |
example: "111111" | |
unAuthorizedInterfaces: | |
type: array | |
items: | |
type: string | |
example: PSM | |
example: | |
- PSM | |
- PSMP | |
userType: | |
type: string | |
example: EPVUser | |
username: | |
type: string | |
example: newUser | |
vaultAuthorization: | |
type: array | |
items: | |
type: string | |
example: AddSafes | |
example: | |
- AddSafes | |
- AuditUsers | |
example: | |
authenticationMethod: | |
- AuthTypePass | |
businessAddress: | |
workCity: Petah Tikva | |
workCountry: Israel | |
workState: Israel | |
workStreet: Hapssagot 9 | |
workZip: "9999999" | |
changePassOnNextLogon: true | |
description: This user is privileged | |
distinguishedName: newUser@cyberark | |
enableUser: true | |
expiryDate: 1577836800 | |
initialPassword: 123Cyber | |
internet: | |
businessEmail: user@cyberark.com | |
homeEmail: user@gmail.com | |
homePage: Cyberark.com | |
otherEmail: user2@gmail.com | |
location: "\\" | |
passwordNeverExpires: true | |
personalDetails: | |
city: Tel Aviv | |
country: Israel | |
department: R&D | |
firstName: John | |
lastName: Smith | |
middleName: Doe | |
organization: Cyber ark | |
profession: software development | |
state: Israel | |
street: Dizzengof 56 | |
title: Mr. VIP | |
zip: "123456" | |
phones: | |
businessNumber: "555456789" | |
cellularNumber: "555789789" | |
faxNumber: "999999" | |
homeNumber: "555123456" | |
pagerNumber: "111111" | |
unAuthorizedInterfaces: | |
- PSM | |
- PSMP | |
userType: EPVUser | |
username: newUser | |
vaultAuthorization: | |
- AddSafes | |
- AuditUsers | |
responses: | |
"200": | |
description: "" | |
"/PasswordVault/api/Users/{UserID}/ResetPassword": | |
post: | |
tags: | |
- User Management | |
- Users | |
- v2 API12345 | |
summary: Reset User Password | |
description: "This method resets an existing Vault user's password.\n\nTo run this Web service, you must have the following permissions:\n\n* **Audit users**\n* **Reset Users' Passwords**\n\nThe user who runs this Web service must be in the same Vault Location or higher as the user whose password is being reset." | |
operationId: resetUserPassword | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
id: | |
type: string | |
example: "<integer>" | |
newPassword: | |
type: string | |
example: "<string>" | |
example: | |
id: "<integer>" | |
newPassword: "<string>" | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: UserID | |
in: path | |
required: true | |
schema: | |
type: string | |
/PasswordVault/api/auth/SAML/Logoff: | |
post: | |
tags: | |
- Authentication | |
- v2 API123 | |
- SAML Authentication | |
summary: Logoff | |
description: This method logs off the user and removes the Vault session. This web service is used to log off when the user authenticated with SAML authentication. | |
operationId: logoff | |
responses: | |
"200": | |
description: "" | |
"/PasswordVault/api/recordings/{RecordingsID}/Play": | |
post: | |
tags: | |
- Monitor Sessions | |
- Recordings | |
summary: Play Recording | |
description: This method returns a data stream of a specific recorded session. | |
operationId: playRecording | |
requestBody: | |
content: | |
text/plain: | |
schema: | |
type: string | |
example: "" | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: RecordingsID | |
in: path | |
required: true | |
schema: | |
type: string | |
/api/getauthtoken: | |
post: | |
tags: | |
- Privileged Threat Analytics (PTA) | |
summary: Get Authentication Token | |
description: "This method enables a user to get a token upon Web application authentication. You can use this method to monitor the PTA system health, as shown in [Get PTA replication status](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/PTA_System_Health.htm)." | |
operationId: getAuthenticationToken | |
requestBody: | |
content: | |
application/form-urlencoded: | |
schema: | |
type: object | |
properties: | |
password: | |
type: string | |
example: "{{apiPassword}}" | |
username: | |
type: string | |
example: "{{apiUsername}}" | |
example: | |
password: "{{apiPassword}}" | |
username: "{{apiUsername}}" | |
responses: | |
"200": | |
description: "" | |
/api/monitoring: | |
get: | |
tags: | |
- Privileged Threat Analytics (PTA) | |
summary: Get PTA Replication Status | |
description: This method returns details about the health of the PTA Server and Application. | |
operationId: getPtaReplicationStatus | |
responses: | |
"200": | |
description: "" | |
/installer/api/encryptionkey: | |
get: | |
tags: | |
- Privileged Threat Analytics (PTA) | |
- PTA Installation | |
summary: Server Encryption Key | |
description: "This method generates and returns an RSA encryption key as base 64 string that is used by the installer for encrypting sensitive fields.\n\nTo encrypt the sensitive fields, encrypt the data value using the RSA algorithm that uses the generated key as the encryption key. Add an **{encrypted}** prefix string to the encrypted value to indicate to the PTA server to decrypt the data." | |
operationId: serverEncryptionKey | |
responses: | |
"200": | |
description: "" | |
/installer/api/getauthtoken: | |
post: | |
tags: | |
- Privileged Threat Analytics (PTA) | |
- PTA Installation | |
summary: PTA Server Authentication | |
description: "This method generates a token that enables the user to authenticate to the PTA Server using the machine credentials for the installation process. This method can be run with an encrypted or clear text password. To encrypt the password, see [Get Server encryption key](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/ServerEncryption.htm)." | |
operationId: ptaServerAuthentication | |
requestBody: | |
content: | |
application/form-urlencoded: | |
schema: | |
type: object | |
properties: | |
password: | |
type: string | |
example: "{{apiPassword}}" | |
username: | |
type: string | |
example: "{{apiUsername}}" | |
example: | |
password: "{{apiPassword}}" | |
username: "{{apiUsername}}" | |
responses: | |
"200": | |
description: "" | |
/installer/api/installation: | |
get: | |
tags: | |
- Privileged Threat Analytics (PTA) | |
- PTA Installation | |
summary: PTA Installation Status | |
description: This method returns the status of the installation of the PTA server. | |
operationId: ptaInstallationStatus | |
responses: | |
"200": | |
description: "" | |
/monitoring/federate: | |
get: | |
tags: | |
- Privileged Threat Analytics (PTA) | |
summary: Get PTA System Health | |
description: "This method returns Prometheus monitor metrics about the PTA Server and database. When you run the API for the first time, you are redirected to the PTA Login screen.\n\n1. Log in to the PTA Server using **monitor** as the user and **DiamondMonitor** (case sensitive) as the password. You are then prompted to change the password.\n2. After you change the password, encode the user (**monitor**) and the new password in BASE 64.\n* Enter the data in the format **username:password**.\n* The encoded result is entered in the **Authorization** header parameter in the format **Basic <encoded result>**. _In this Postman collection, we use the **Authorization** tab to automatically do this for us instead._\n\nYou can use Grafana or similar tools to display the results in a user-friendly format." | |
operationId: getPtaSystemHealth | |
parameters: | |
- name: "match[]" | |
in: query | |
schema: | |
type: string | |
example: "%7Bjob%3D~%22ptaaa_.%2B%22%7D" | |
description: Job ID(s) to monitor in array | |
responses: | |
"200": | |
description: "" | |
"/passwordvault/api/Accounts/{AccountID}/SetNextPassword": | |
post: | |
tags: | |
- Accounts | |
- Account Actions | |
- v2 API1 | |
summary: "Change Password, Set Next Password" | |
description: "This method enables users to set the account's credentials to use for the next CPM change.\n\nThe user who runs this web service requires the following permissions in the Safe where the privileged account is stored:\n\n* Initiate CPM password management operations\n* Specify next password value" | |
operationId: changePasswordSetNextPassword | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
ChangeImmediately: | |
type: boolean | |
example: true | |
NewCredentials: | |
type: string | |
example: "<credentials>" | |
example: | |
ChangeImmediately: true | |
NewCredentials: "<credentials>" | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: AccountID | |
in: path | |
required: true | |
schema: | |
type: string | |
/passwordvault/api/Configuration/AccessRestriction/AllowedReferrers: | |
get: | |
tags: | |
- General | |
summary: Get Allowed Referrer | |
description: "This method returns the allowed referrer list. This means access is allowed from all URLs in the list, to the PVWA. Any user who is a member of the Vault admins group can run this web service." | |
operationId: getAllowedReferrer | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache,no-store, no-cache, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "129" | |
Date: | |
schema: | |
type: string | |
example: "Fri, 25 Sep 2020 15:51:56 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: "no-cache,no-cache" | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; SameSite=None; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: array | |
items: | |
type: object | |
properties: | |
referrerURL: | |
type: string | |
example: /WebID/ | |
regularExpression: | |
type: boolean | |
example: false | |
example: | |
- referrerURL: /WebID/ | |
regularExpression: false | |
- referrerURL: "https://tenantid.my.idaptive.app" | |
regularExpression: false | |
examples: | |
200 OK: | |
value: | |
- referrerURL: /WebID/ | |
regularExpression: false | |
- referrerURL: "https://tenantid.my.idaptive.app" | |
regularExpression: false | |
post: | |
tags: | |
- General | |
summary: Add Allowed Referrer | |
description: This method adds a web application URL to the allowed referrer list. This means access is allowed from the URL to the PVWA. Any user who is a member of the Vault admins group can run this web service. | |
operationId: addAllowedReferrer | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
referrerURL: | |
type: string | |
example: "https://CompanyA/portal/" | |
regularExpression: | |
type: boolean | |
example: false | |
example: | |
referrerURL: "https://CompanyA/portal/" | |
regularExpression: false | |
responses: | |
"200": | |
description: "" | |
/passwordvault/api/DiscoveredAccounts: | |
get: | |
tags: | |
- Accounts | |
- Discovered Accounts | |
- v2 API12 | |
summary: Get Discovered Accounts | |
description: "This method returns a list of all the discovered accounts from the Pending Accounts list. To run this web service, the user must be a member of the Vault admins group.\n \t\n**Note:** Discovered accounts that were onboarded either manually or automatically, according to predefined rules, won't be returned using this method.\n\nFor more information on available filters, please visit [Filter Parameters](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/11.6/en/Content/WebServices/Get-discovered-accounts.htm#filter-parameters) in the CyberArk API Documentation." | |
operationId: getDiscoveredAccounts | |
parameters: | |
- name: filter | |
in: query | |
schema: | |
type: string | |
example: platformType eq Windows Server Local AND privileged eq true AND accountEnabled eq true | |
description: "search accounts using platformType, privileged, and/or accountEnabled values" | |
- name: search | |
in: query | |
schema: | |
type: string | |
example: admin | |
description: search is supported for username and address | |
- name: searchType | |
in: query | |
schema: | |
type: string | |
example: contains | |
description: "keyword is contained (contains, DEFAULT) or beginning (startswith)" | |
- name: offset | |
in: query | |
schema: | |
type: string | |
example: "0" | |
description: the offset of the first returned account in the list of results | |
- name: limit | |
in: query | |
schema: | |
type: string | |
example: "100" | |
description: the maximum number of accounts to return (maximum value allowed is 1000) | |
responses: | |
"200": | |
description: "" | |
"/passwordvault/api/DiscoveredAccounts/{AccountID}": | |
get: | |
tags: | |
- Accounts | |
- Discovered Accounts | |
- v2 API12 | |
summary: Get Discovered Account Details | |
description: "This method returns information about a discovered account and its dependencies from the Pending Accounts list. The discovered account is identified by its ID.\n\nTo run this web service, the user must be a member of the Vault admins group.\n\n**Note:** Discovered accounts that were onboarded either manually or automatically, according to predefined rules, won't be returned using this method." | |
operationId: getDiscoveredAccountDetails | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: AccountID | |
in: path | |
required: true | |
schema: | |
type: string | |
"/passwordvault/api/Platforms/Targets/{PlatformName}/PrivilegedSessionManagement": | |
put: | |
tags: | |
- Session Management | |
summary: Update Session Management Policy of Platform | |
description: This method allows Vault admins to update the PSM Policy Section of a target platform. | |
operationId: updateSessionManagementPolicyOfPlatform | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
PSMConnectors: | |
type: array | |
items: | |
type: object | |
properties: | |
Enabled: | |
type: boolean | |
example: false | |
PSMConnectorID: | |
type: string | |
example: PSM-AWSConsoleWithSTS | |
example: | |
- Enabled: false | |
PSMConnectorID: PSM-AWSConsoleWithSTS | |
- Enabled: true | |
PSMConnectorID: SSH | |
PSMServerId: | |
type: string | |
example: PSMServer_e7b11b1 | |
PSMServerName: | |
type: string | |
example: PSMServer2 | |
example: | |
PSMConnectors: | |
- Enabled: false | |
PSMConnectorID: PSM-AWSConsoleWithSTS | |
- Enabled: true | |
PSMConnectorID: SSH | |
PSMServerId: PSMServer_e7b11b1 | |
PSMServerName: PSMServer2 | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: PlatformName | |
in: path | |
required: true | |
schema: | |
type: string | |
/passwordvault/api/bulkactions/accounts: | |
get: | |
tags: | |
- Accounts | |
- Bulk Upload of Accounts | |
summary: Get All Bulk Account Uploads for User | |
description: "This method gets the status of all bulk account uploads that the user performed.\n\n**Note:** Bulk account uploads are returned sorted by their creation time in descending order - from the most recent to the oldest. The bulk account uploads that are returned are ones that a specific user created and has authorization to view." | |
operationId: getAllBulkAccountUploadsForUser | |
parameters: | |
- name: filter | |
in: query | |
schema: | |
type: string | |
example: "" | |
description: status - returns all bulk account uploads that meet the required status | |
- name: limit | |
in: query | |
schema: | |
type: string | |
example: "50" | |
description: "number of accounts to return, starting from first account" | |
responses: | |
"200": | |
description: "" | |
post: | |
tags: | |
- Accounts | |
- Bulk Upload of Accounts | |
summary: Create Bulk Upload of Accounts | |
description: "This method allows a developer to add multiple accounts to existing Safes. The response contains the ID of the bulk account upload that was performed.\n \t\n**Note:** This option is only available if you have **Add accounts**, **Update account content**, and **Update account properties** authorization in at least one Safe." | |
operationId: createBulkUploadOfAccounts | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
accountsList: | |
type: array | |
items: | |
type: object | |
properties: | |
address: | |
type: string | |
example: 192.0.2.0 | |
groupName: | |
type: string | |
example: DomainGroup | |
platformAccountProperties: | |
type: object | |
properties: | |
port: | |
type: string | |
example: "111" | |
platformId: | |
type: string | |
example: WinDomain | |
remoteMachinesAccess: | |
type: object | |
properties: | |
accessRestrictedToRemoteMachines: | |
type: boolean | |
example: true | |
remoteMachines: | |
type: string | |
example: example.com | |
safeName: | |
type: string | |
example: WinDomainSafe | |
secret: | |
type: string | |
example: "123456" | |
secretManagement: | |
type: object | |
properties: | |
automaticManagementEnabled: | |
type: boolean | |
example: true | |
manualManagementReason: | |
type: string | |
example: "" | |
uploadIndex: | |
type: string | |
example: "1" | |
username: | |
type: string | |
example: JohnDoe | |
example: | |
- address: 192.0.2.0 | |
groupName: DomainGroup | |
platformAccountProperties: | |
port: "111" | |
platformId: WinDomain | |
remoteMachinesAccess: | |
accessRestrictedToRemoteMachines: true | |
remoteMachines: example.com | |
safeName: WinDomainSafe | |
secret: "123456" | |
secretManagement: | |
automaticManagementEnabled: true | |
manualManagementReason: "" | |
uploadIndex: "1" | |
username: JohnDoe | |
- address: 198.51.100.0 | |
groupName: WinGroup | |
platformAccountProperties: | |
port: "222" | |
platformId: WinDesktopLocal | |
remoteMachinesAccess: | |
accessRestrictedToRemoteMachines: true | |
remoteMachines: example.net | |
safeName: WinUsersSafe | |
secret: "123456" | |
secretManagement: | |
automaticManagementEnabled: true | |
manualManagementReason: "" | |
uploadIndex: "2" | |
username: JaneDoe | |
source: | |
type: string | |
example: filename.csv | |
example: | |
accountsList: | |
- address: 192.0.2.0 | |
groupName: DomainGroup | |
platformAccountProperties: | |
port: "111" | |
platformId: WinDomain | |
remoteMachinesAccess: | |
accessRestrictedToRemoteMachines: true | |
remoteMachines: example.com | |
safeName: WinDomainSafe | |
secret: "123456" | |
secretManagement: | |
automaticManagementEnabled: true | |
manualManagementReason: "" | |
uploadIndex: "1" | |
username: JohnDoe | |
- address: 198.51.100.0 | |
groupName: WinGroup | |
platformAccountProperties: | |
port: "222" | |
platformId: WinDesktopLocal | |
remoteMachinesAccess: | |
accessRestrictedToRemoteMachines: true | |
remoteMachines: example.net | |
safeName: WinUsersSafe | |
secret: "123456" | |
secretManagement: | |
automaticManagementEnabled: true | |
manualManagementReason: "" | |
uploadIndex: "2" | |
username: JaneDoe | |
source: filename.csv | |
responses: | |
"200": | |
description: "" | |
"/passwordvault/api/bulkactions/accounts/{BulkID}": | |
get: | |
tags: | |
- Accounts | |
- Bulk Upload of Accounts | |
summary: Get Bulk Account Upload Result | |
description: "This method returns the result of the bulk account upload, which is identified by the ID of the bulk account upload. When the upload has finished, the API returns the result. The result contains a list of all the accounts that succeeded or failed to upload.\n\n**Note:** Only the user that created the bulk account upload can receive the result of the upload using this API." | |
operationId: getBulkAccountUploadResult | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: BulkID | |
in: path | |
required: true | |
schema: | |
type: string | |
"/passwordvault/api/platforms/dependent/{PlatformName}/duplicate": | |
post: | |
tags: | |
- Platforms | |
- Dependent Platforms | |
summary: Duplicate Dependent Platforms | |
description: This method allows Vault Admins to duplicate dependent platforms. | |
operationId: duplicateDependentPlatforms | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
Description: | |
type: string | |
example: "" | |
Name: | |
type: string | |
example: test Platform | |
example: | |
Description: "" | |
Name: test Platform | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: PlatformName | |
in: path | |
required: true | |
schema: | |
type: string | |
/passwordvault/api/platforms/dependents: | |
get: | |
tags: | |
- Platforms | |
- Dependent Platforms | |
summary: Get Dependent Platforms | |
description: This method allows Vault Admins to retrieve basic information about all existing dependent platforms. | |
operationId: getDependentPlatforms | |
parameters: | |
- name: search | |
in: query | |
schema: | |
type: string | |
description: Platform Name | |
responses: | |
"200": | |
description: "" | |
"/passwordvault/api/platforms/dependents/{PlatformName}": | |
delete: | |
tags: | |
- Platforms | |
- Dependent Platforms | |
summary: Delete Dependent Platform | |
description: This method allows Vault Admins to delete a dependent platform. | |
operationId: deleteDependentPlatform | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: PlatformName | |
in: path | |
required: true | |
schema: | |
type: string | |
/passwordvault/api/platforms/groups: | |
get: | |
tags: | |
- Platforms | |
- Group Platforms | |
summary: Get Group Platforms | |
description: This method allows Vault Admins to retrieve basic information about all existing group platforms. | |
operationId: getGroupPlatforms | |
parameters: | |
- name: search | |
in: query | |
schema: | |
type: string | |
example: SSH | |
description: Platform Name | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache,no-store, no-cache, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "124" | |
Date: | |
schema: | |
type: string | |
example: "Wed, 30 Sep 2020 13:09:44 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: "no-cache,no-cache" | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; SameSite=None; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
Platforms: | |
type: array | |
items: | |
type: object | |
properties: | |
Active: | |
type: boolean | |
example: false | |
ID: | |
type: number | |
example: 34 | |
Name: | |
type: string | |
example: "[Sample SSH Key Group Platform]" | |
PlatformID: | |
type: string | |
example: SampleSSHKeyGroup | |
example: | |
- Active: false | |
ID: 34 | |
Name: "[Sample SSH Key Group Platform]" | |
PlatformID: SampleSSHKeyGroup | |
Total: | |
type: number | |
example: 1 | |
examples: | |
200 OK: | |
value: | |
Platforms: | |
- Active: false | |
ID: 34 | |
Name: "[Sample SSH Key Group Platform]" | |
PlatformID: SampleSSHKeyGroup | |
Total: 1 | |
"/passwordvault/api/platforms/groups/{PlatformName}": | |
delete: | |
tags: | |
- Platforms | |
- Group Platforms | |
summary: Delete Group Platform | |
description: This method allows Vault Admins to delete a group platform. | |
operationId: deleteGroupPlatform | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: PlatformName | |
in: path | |
required: true | |
schema: | |
type: string | |
"/passwordvault/api/platforms/groups/{PlatformName}/activate": | |
post: | |
tags: | |
- Platforms | |
- Group Platforms | |
summary: Activate Group Platform | |
description: This method allows Vault Admins to activate a group platform. | |
operationId: activateGroupPlatform | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: PlatformName | |
in: path | |
required: true | |
schema: | |
type: string | |
"/passwordvault/api/platforms/groups/{PlatformName}/deactivate": | |
post: | |
tags: | |
- Platforms | |
- Group Platforms | |
summary: Deactivate Group Platform | |
description: This method allows Vault Admins to deactivate a group platform. | |
operationId: deactivateGroupPlatform | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: PlatformName | |
in: path | |
required: true | |
schema: | |
type: string | |
"/passwordvault/api/platforms/groups/{PlatformName}/duplicate": | |
post: | |
tags: | |
- Platforms | |
- Group Platforms | |
summary: Duplicate Group Platforms | |
description: This method allows Vault Admins to duplicate group platforms. | |
operationId: duplicateGroupPlatforms | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
Description: | |
type: string | |
example: "" | |
Name: | |
type: string | |
example: test Platform | |
example: | |
Description: "" | |
Name: test Platform | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: PlatformName | |
in: path | |
required: true | |
schema: | |
type: string | |
/passwordvault/api/platforms/rotationalGroups: | |
get: | |
tags: | |
- Platforms | |
- Rotational Group Platforms | |
summary: Get Rotational Group Platforms | |
description: This method allows Vault Admins to retrieve basic information about all existing rotational group platforms. | |
operationId: getRotationalGroupPlatforms | |
parameters: | |
- name: search | |
in: query | |
schema: | |
type: string | |
example: MySQL | |
description: Platform Name | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache,no-store, no-cache, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "145" | |
Date: | |
schema: | |
type: string | |
example: "Wed, 30 Sep 2020 13:15:00 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: "no-cache,no-cache" | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; SameSite=None; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
Platforms: | |
type: array | |
items: | |
type: object | |
properties: | |
Active: | |
type: boolean | |
example: true | |
GracePeriod: | |
type: number | |
example: 540 | |
ID: | |
type: number | |
example: 40 | |
Name: | |
type: string | |
example: MySQL Server - Dual Accounts | |
PlatformID: | |
type: string | |
example: MySQLServer-DualAccounts | |
example: | |
- Active: true | |
GracePeriod: 540 | |
ID: 40 | |
Name: MySQL Server - Dual Accounts | |
PlatformID: MySQLServer-DualAccounts | |
Total: | |
type: number | |
example: 1 | |
examples: | |
200 OK: | |
value: | |
Platforms: | |
- Active: true | |
GracePeriod: 540 | |
ID: 40 | |
Name: MySQL Server - Dual Accounts | |
PlatformID: MySQLServer-DualAccounts | |
Total: 1 | |
"/passwordvault/api/platforms/rotationalGroups/{PlatformName}": | |
delete: | |
tags: | |
- Platforms | |
- Rotational Group Platforms | |
summary: Delete Rotational Group Platform | |
description: This method allows Vault Admins to delete a rotational group platform. | |
operationId: deleteRotationalGroupPlatform | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: PlatformName | |
in: path | |
required: true | |
schema: | |
type: string | |
"/passwordvault/api/platforms/rotationalGroups/{PlatformName}/activate": | |
post: | |
tags: | |
- Platforms | |
- Rotational Group Platforms | |
summary: Activate Rotational Group Platform | |
description: This method allows Vault Admins to activate a rotational group platform. | |
operationId: activateRotationalGroupPlatform | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: PlatformName | |
in: path | |
required: true | |
schema: | |
type: string | |
"/passwordvault/api/platforms/rotationalGroups/{PlatformName}/deactivate": | |
post: | |
tags: | |
- Platforms | |
- Rotational Group Platforms | |
summary: Deactivate Rotational Group Platform | |
description: This method allows Vault Admins to deactivate a rotational group platform. | |
operationId: deactivateRotationalGroupPlatform | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: PlatformName | |
in: path | |
required: true | |
schema: | |
type: string | |
"/passwordvault/api/platforms/rotationalGroups/{PlatformName}/duplicate": | |
post: | |
tags: | |
- Platforms | |
- Rotational Group Platforms | |
summary: Duplicate Rotational Group Platforms | |
description: This method allows Vault Admins to duplicate rotational group platforms. | |
operationId: duplicateRotationalGroupPlatforms | |
requestBody: | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
Description: | |
type: string | |
example: "" | |
Name: | |
type: string | |
example: test Platform | |
example: | |
Description: "" | |
Name: test Platform | |
responses: | |
"200": | |
description: "" | |
parameters: | |
- name: PlatformName | |
in: path | |
required: true | |
schema: | |
type: string | |
/passwordvault/api/platforms/targets: | |
get: | |
tags: | |
- Platforms | |
- Target Platforms | |
summary: Get Target Platforms | |
description: "This method allows users to retrieve basic information about all existing target platforms.\n\nYou can use filters to retrieve a subset of the target platforms or search for a specific target platform. For details, see [URL parameters](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/11.6/en/Content/SDK/rest-api-get-target-platforms.htm#URL%C2%A0para)." | |
operationId: getTargetPlatforms | |
responses: | |
"200": | |
description: 200 OK | |
headers: | |
Access-Control-Expose-Headers: | |
schema: | |
type: string | |
example: Warning | |
Cache-Control: | |
schema: | |
type: string | |
example: "no-cache,no-store, no-cache, must-revalidate" | |
Content-Length: | |
schema: | |
type: string | |
example: "33875" | |
Date: | |
schema: | |
type: string | |
example: "Fri, 25 Sep 2020 16:07:11 GMT" | |
Expires: | |
schema: | |
type: string | |
example: "-1" | |
Pragma: | |
schema: | |
type: string | |
example: "no-cache,no-cache" | |
Set-Cookie: | |
schema: | |
type: string | |
example: mobileState=Desktop; path=/PasswordVault/; SameSite=None; secure; HttpOnly | |
Strict-Transport-Security: | |
schema: | |
type: string | |
example: max-age=31536000; includeSubDomains | |
X-Content-Type-Options: | |
schema: | |
type: string | |
example: nosniff | |
X-FRAME-Options: | |
schema: | |
type: string | |
example: SAMEORIGIN | |
X-UA-Compatible: | |
schema: | |
type: string | |
example: IE=EmulateIE8 | |
X-XSS-Protection: | |
schema: | |
type: string | |
example: 1; mode=block | |
content: | |
application/json: | |
schema: | |
type: object | |
properties: | |
Platforms: | |
type: array | |
items: | |
type: object | |
properties: | |
Active: | |
type: boolean | |
example: true | |
AllowedSafes: | |
type: string | |
example: ".*" | |
CredentialsManagementPolicy: | |
type: object | |
properties: | |
Change: | |
type: object | |
properties: | |
AllowManual: | |
type: boolean | |
example: true | |
AutoOnAdd: | |
type: boolean | |
example: false | |
PerformAutomatic: | |
type: boolean | |
example: false | |
RequirePasswordEveryXDays: | |
type: number | |
example: 90 | |
Reconcile: | |
type: object | |
properties: | |
AllowManual: | |
type: boolean | |
example: true | |
AutomaticReconcileWhenUnsynced: | |
type: boolean | |
example: false | |
SecretUpdateConfiguration: | |
type: object | |
properties: | |
ChangePasswordInResetMode: | |
type: boolean | |
example: false | |
Verification: | |
type: object | |
properties: | |
AllowManual: | |
type: boolean | |
example: true | |
AutoOnAdd: | |
type: boolean | |
example: false | |
PerformAutomatic: | |
type: boolean | |
example: false | |
RequirePasswordEveryXDays: | |
type: number | |
example: 7 | |
ID: | |
type: number | |
example: 2 | |
Name: | |
type: string | |
example: Unix via SSH | |
PlatformID: | |
type: string | |
example: UnixSSH | |
PrivilegedAccessWorkflows: | |
type: object | |
properties: | |
EnforceCheckinCheckoutExclusiveAccess: | |
type: object | |
properties: | |
IsActive: | |
type: boolean | |
example: false | |
IsAnException: | |
type: boolean | |
example: false | |
EnforceOnetimePasswordAccess: | |
type: object | |
properties: | |
IsActive: | |
type: boolean | |
example: false | |
IsAnException: | |
type: boolean | |
example: false | |
RequireDualControlPasswordAccessApproval: | |
type: object | |
properties: | |
IsActive: | |
type: boolean | |
example: false | |
IsAnException: | |
type: boolean | |
example: false | |
RequireUsersToSpecifyReasonForAccess: | |
type: object | |
properties: | |
IsActive: | |
type: boolean | |
example: false | |
IsAnException: | |
type: boolean | |
example: false | |
PrivilegedSessionManagement: | |
type: object | |
properties: | |
PSMServerId: | |
type: string | |
example: PSMServer | |
PSMServerName: | |
type: string | |
example: PSM Server on PASAAS-PSM | |
SystemType: | |
type: string | |
example: "*NIX" | |
example: | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 2 | |
Name: Unix via SSH | |
PlatformID: UnixSSH | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer | |
PSMServerName: PSM Server on PASAAS-PSM | |
SystemType: "*NIX" | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 23 | |
Name: Unix via SSH Keys | |
PlatformID: UnixSSHKeys | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: "*NIX" | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: false | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 35 | |
Name: Conjur Host | |
PlatformID: ConjurHost | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Application | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: true | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 48 | |
Name: Conjur User | |
PlatformID: ConjurUser | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Application | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: true | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 32 | |
Name: CyberArk PTA | |
PlatformID: CyberArkPTA | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Application | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 9 | |
Name: CyberArk Vault | |
PlatformID: CyberArk | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Application | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 28 | |
Name: RSA Authentication Manager | |
PlatformID: RSAManagement | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Application | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 5 | |
Name: SAP | |
PlatformID: SAP | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Application | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: false | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 25 | |
Name: Amazon Web Services - AWS | |
PlatformID: AWS | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Cloud Service | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 26 | |
Name: Amazon Web Services - AWS - Access Keys | |
PlatformID: AWSAccessKeys | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Cloud Service | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 30 | |
Name: Microsoft Azure Password Management | |
PlatformID: AzurePasswordManagement | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Cloud Service | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 37 | |
Name: Google Cloud Platfrom - Service Account | |
PlatformID: GCPServiceAccount | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Cloud Service | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 29 | |
Name: Microsoft Azure Application Keys Management | |
PlatformID: AzureApplicationKeys | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Cloud Service | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 17 | |
Name: MySQL Server | |
PlatformID: MySQL | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Database | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 15 | |
Name: DB2 on Unix via SSH | |
PlatformID: DB2UnixSSH | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Database | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 16 | |
Name: Informix on Unix via SSH | |
PlatformID: InformixUnixSSH | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Database | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 3 | |
Name: Microsoft SQL Server | |
PlatformID: MSSql | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Database | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 8 | |
Name: Oracle Database | |
PlatformID: Oracle | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Database | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 31 | |
Name: SAP HANA | |
PlatformID: SAPHANA | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Database | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 4 | |
Name: Sybase ASE | |
PlatformID: Sybase | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Database | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 21 | |
Name: Novell eDirectory server | |
PlatformID: Novell-eDirectory | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Directory | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 20 | |
Name: SunOne directory via SSL | |
PlatformID: SunOneDirectorySSL | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Directory | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 19 | |
Name: Cisco router via SSH | |
PlatformID: CiscoSSH | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Network Device | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 12 | |
Name: AS400 | |
PlatformID: as400 | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Operating System | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: false | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 13 | |
Name: OS390 via SSH | |
PlatformID: OS390SSH | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Operating System | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 14 | |
Name: VMWare ESX Account API | |
PlatformID: VMWareESX-API | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Operating System | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: false | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 22 | |
Name: PSM Secure Connect | |
PlatformID: PSMSecureConnect | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: PSM Secure Connect | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 18 | |
Name: Check Point FireWall-1 | |
PlatformID: Firewall1 | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Security Appliance | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 24 | |
Name: Check Point GAiA via SSH | |
PlatformID: GAiASSH | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Security Appliance | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 42 | |
Name: Docker Registry | |
PlatformID: DockerRegistry | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Website | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 38 | |
Name: Generic Web App | |
PlatformID: GenericWebApp | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Website | |
- Active: false | |
AllowedSafes: BZ_I_* | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: false | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 36 | |
Name: Business Website | |
PlatformID: BusinessWebsite | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Website | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: true | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: true | |
PerformAutomatic: true | |
RequirePasswordEveryXDays: 7 | |
ID: 10 | |
Name: Windows Desktop Local Accounts | |
PlatformID: WinDesktopLocal | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Windows | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: true | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: true | |
PerformAutomatic: true | |
RequirePasswordEveryXDays: 7 | |
ID: 7 | |
Name: Windows Domain Account | |
PlatformID: WinDomain | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer | |
PSMServerName: PSM Server on PASAAS-PSM | |
SystemType: Windows | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: true | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: true | |
PerformAutomatic: true | |
RequirePasswordEveryXDays: 7 | |
ID: 6 | |
Name: Windows Server Local Accounts | |
PlatformID: WinServerLocal | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Windows | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 11 | |
Name: Windows Local Accounts WMI | |
PlatformID: WinLocalWMI | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Windows | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: true | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: false | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 27 | |
Name: Windows Loosely Device | |
PlatformID: WinLooselyDevice | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Windows | |
Total: | |
type: number | |
example: 37 | |
examples: | |
200 OK: | |
value: | |
Platforms: | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 2 | |
Name: Unix via SSH | |
PlatformID: UnixSSH | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer | |
PSMServerName: PSM Server on PASAAS-PSM | |
SystemType: "*NIX" | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 23 | |
Name: Unix via SSH Keys | |
PlatformID: UnixSSHKeys | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: "*NIX" | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: false | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 35 | |
Name: Conjur Host | |
PlatformID: ConjurHost | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Application | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: true | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 48 | |
Name: Conjur User | |
PlatformID: ConjurUser | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Application | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: true | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 32 | |
Name: CyberArk PTA | |
PlatformID: CyberArkPTA | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Application | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 9 | |
Name: CyberArk Vault | |
PlatformID: CyberArk | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Application | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 28 | |
Name: RSA Authentication Manager | |
PlatformID: RSAManagement | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Application | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 5 | |
Name: SAP | |
PlatformID: SAP | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Application | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: false | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 25 | |
Name: Amazon Web Services - AWS | |
PlatformID: AWS | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Cloud Service | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 26 | |
Name: Amazon Web Services - AWS - Access Keys | |
PlatformID: AWSAccessKeys | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Cloud Service | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 30 | |
Name: Microsoft Azure Password Management | |
PlatformID: AzurePasswordManagement | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Cloud Service | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 37 | |
Name: Google Cloud Platfrom - Service Account | |
PlatformID: GCPServiceAccount | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Cloud Service | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 29 | |
Name: Microsoft Azure Application Keys Management | |
PlatformID: AzureApplicationKeys | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Cloud Service | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 17 | |
Name: MySQL Server | |
PlatformID: MySQL | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Database | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 15 | |
Name: DB2 on Unix via SSH | |
PlatformID: DB2UnixSSH | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Database | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 16 | |
Name: Informix on Unix via SSH | |
PlatformID: InformixUnixSSH | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Database | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 3 | |
Name: Microsoft SQL Server | |
PlatformID: MSSql | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Database | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 8 | |
Name: Oracle Database | |
PlatformID: Oracle | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Database | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 31 | |
Name: SAP HANA | |
PlatformID: SAPHANA | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Database | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 4 | |
Name: Sybase ASE | |
PlatformID: Sybase | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Database | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 21 | |
Name: Novell eDirectory server | |
PlatformID: Novell-eDirectory | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Directory | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 20 | |
Name: SunOne directory via SSL | |
PlatformID: SunOneDirectorySSL | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Directory | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 19 | |
Name: Cisco router via SSH | |
PlatformID: CiscoSSH | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Network Device | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 12 | |
Name: AS400 | |
PlatformID: as400 | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Operating System | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: false | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 13 | |
Name: OS390 via SSH | |
PlatformID: OS390SSH | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Operating System | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 14 | |
Name: VMWare ESX Account API | |
PlatformID: VMWareESX-API | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Operating System | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: false | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 22 | |
Name: PSM Secure Connect | |
PlatformID: PSMSecureConnect | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: PSM Secure Connect | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 18 | |
Name: Check Point FireWall-1 | |
PlatformID: Firewall1 | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Security Appliance | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 24 | |
Name: Check Point GAiA via SSH | |
PlatformID: GAiASSH | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Security Appliance | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 42 | |
Name: Docker Registry | |
PlatformID: DockerRegistry | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Website | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 38 | |
Name: Generic Web App | |
PlatformID: GenericWebApp | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Website | |
- Active: false | |
AllowedSafes: BZ_I_* | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: false | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 36 | |
Name: Business Website | |
PlatformID: BusinessWebsite | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Website | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: true | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: true | |
PerformAutomatic: true | |
RequirePasswordEveryXDays: 7 | |
ID: 10 | |
Name: Windows Desktop Local Accounts | |
PlatformID: WinDesktopLocal | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Windows | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: true | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: true | |
PerformAutomatic: true | |
RequirePasswordEveryXDays: 7 | |
ID: 7 | |
Name: Windows Domain Account | |
PlatformID: WinDomain | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer | |
PSMServerName: PSM Server on PASAAS-PSM | |
SystemType: Windows | |
- Active: true | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: true | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: true | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: true | |
PerformAutomatic: true | |
RequirePasswordEveryXDays: 7 | |
ID: 6 | |
Name: Windows Server Local Accounts | |
PlatformID: WinServerLocal | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Windows | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: true | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 11 | |
Name: Windows Local Accounts WMI | |
PlatformID: WinLocalWMI | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
SystemType: Windows | |
- Active: false | |
AllowedSafes: ".*" | |
CredentialsManagementPolicy: | |
Change: | |
AllowManual: true | |
AutoOnAdd: false | |
PerformAutomatic: true | |
RequirePasswordEveryXDays: 90 | |
Reconcile: | |
AllowManual: false | |
AutomaticReconcileWhenUnsynced: false | |
SecretUpdateConfiguration: | |
ChangePasswordInResetMode: false | |
Verification: | |
AllowManual: false | |
AutoOnAdd: false | |
PerformAutomatic: false | |
RequirePasswordEveryXDays: 7 | |
ID: 27 | |
Name: Windows Loosely Device | |
PlatformID: WinLooselyDevice | |
PrivilegedAccessWorkflows: | |
EnforceCheckinCheckoutExclusiveAccess: | |
IsActive: false | |
IsAnException: false | |
EnforceOnetimePasswordAccess: | |
IsActive: false | |
IsAnException: false | |
RequireDualControlPasswordAccessApproval: | |
IsActive: false | |
IsAnException: false | |
RequireUsersToSpecifyReasonForAccess: | |
IsActive: false | |
IsAnException: false | |
PrivilegedSessionManagement: | |
PSMServerId: PSMServer_a91999c | |
PSMServerName: PSM Server on PASAAS-PVWA | |
SystemType: Windows | |
Total: 37 | |
  "/passwordvault/api/platforms/targets/{PlatformName}":
    delete:
      tags:
        - Platforms
        - Target Platforms
      summary: Delete Target Platform
      description: This method allows Vault Admins to delete a target platform.
      operationId: deleteTargetPlatform
      responses:
        "200":
          description: ""
    parameters:
      - name: PlatformName
        in: path
        required: true
        schema:
          type: string
  "/passwordvault/api/platforms/targets/{PlatformName}/activate":
    post:
      tags:
        - Platforms
        - Target Platforms
      summary: Activate Target Platform
      description: This method allows Vault Admins to activate a target platform.
      operationId: activateTargetPlatform
      responses:
        "200":
          description: ""
    parameters:
      - name: PlatformName
        in: path
        required: true
        schema:
          type: string
  "/passwordvault/api/platforms/targets/{PlatformName}/deactivate":
    post:
      tags:
        - Platforms
        - Target Platforms
      summary: Deactivate Target Platform
      description: This method allows Vault Admins to deactivate a target platform.
      operationId: deactivateTargetPlatform
      responses:
        "200":
          description: ""
    parameters:
      - name: PlatformName
        in: path
        required: true
        schema:
          type: string
  "/passwordvault/api/platforms/targets/{PlatformName}/duplicate":
    post:
      tags:
        - Platforms
        - Target Platforms
      summary: Duplicate Target Platforms
      description: This method allows Vault Admins to duplicate target platforms.
      operationId: duplicateTargetPlatforms
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                Description:
                  type: string
                  example: ""
                Name:
                  type: string
                  example: test Platform
            example:
              Description: ""
              Name: test Platform
      responses:
        "200":
          description: ""
    parameters:
      - name: PlatformName
        in: path
        required: true
        schema:
          type: string
tags:
  - name: Accounts
  - name: v2 API
  - name: v1 API
  - name: Account Actions
  - name: v2 API1
  - name: v1 API1
  - name: Account Groups
  - name: Bulk Upload of Accounts
    description: "This section includes three methods that enable you to perform a bulk upload of multiple accounts, and review the results.\n\nFirst, to add multiple accounts at one time to the system, use the Create bulk upload of accounts REST API.\n\nNext, to check the status of all the bulk account uploads that were performed by a user, use the Get all bulk account uploads for user REST API.\n\nLast, to review a summary of uploaded accounts and accounts that failed for a specific bulk upload, use the Get bulk account upload result REST API."
  - name: Discovered Accounts
    description: "This section includes REST APIs for discovered accounts. "
  - name: v2 API12
  - name: v1 API12
  - name: Applications
  - name: Authentication
  - name: v2 API123
  - name: SAML Authentication
  - name: v1 API123
  - name: Shared Logon Authentication
  - name: Authentication Methods Config
    description: This section includes REST APIs for configuring and managing authentication methods.
  - name: Central Credential Provider (CCP)
  - name: General
    description: This section includes general APIs.
  - name: LDAP Integration
  - name: LDAP Directories
  - name: LDAP Mappings
  - name: Monitor Sessions
  - name: Session Actions
  - name: Recordings
  - name: Onboarding Rules
  - name: OPM Commands
  - name: Account
  - name: Policy
  - name: Platforms
  - name: Target Platforms
    description: This section includes REST APIs for managing target platforms.
  - name: Dependent Platforms
    description: This section includes REST APIs for managing dependent platforms.
  - name: Group Platforms
    description: This section includes REST APIs for managing group platforms.
  - name: Rotational Group Platforms
    description: This section includes REST APIs for managing rotational group platforms.
  - name: Privileged Threat Analytics (PTA)
  - name: PTA Installation
  - name: Security Events
  - name: Requests
  - name: Confirm Requests
  - name: My Requests
  - name: Safes
  - name: v2 API1234
  - name: v1 API1234
  - name: Safe Members
  - name: Server
  - name: Session Management
    description: This section includes REST APIs related to session management.
  - name: System Health
  - name: User Management
    description: This section includes REST APIs for managing users and groups.
  - name: Users
  - name: v2 API12345
  - name: v1 API12345
  - name: Groups
  - name: v2 API123456
  - name: v1 API123456
  - name: Public SSH Authentication