### GET /databases/strong-accounts Source: https://api-docs.cyberark.com/secure-infra-access/docs/strong-account-apis-for-sia-databases List all strong accounts associated with the database. ```APIDOC ## GET /databases/strong-accounts ### Description Retrieves a list of all strong accounts configured for the database. ### Method GET ### Endpoint https://{tenant_subdomain}.dpa.cyberark.cloud/databases/strong-accounts ### Response #### Success Response (200) - **accounts** (array) - A list of strong account objects. #### Response Example { "accounts": [ { "id": "acc-1", "type": "MySQL" }, { "id": "acc-2", "type": "PostgreSQL" } ] } ``` -------------------------------- ### Authentication Quick Start Source: https://api-docs.cyberark.com/identity-docs-api This section outlines the essential endpoints for initiating and completing the user authentication process within the CyberArk Identity Platform. ```APIDOC ## Authentication Quick Start To authenticate users and interact with CyberArk Identity APIs, you will use the following endpoints: ### `/Security/StartAuthentication` #### Description Initiates the authentication process for a user within a given tenant. It returns security challenges and mechanisms that the user must fulfill. ### `/Security/AdvanceAuthentication` #### Description Submits the user's responses to the authentication mechanisms. Upon successful validation, it returns an authentication token cookie. **Note**: The authentication process must be completed within five minutes of invoking `/Security/StartAuthentication`. ### `/security/logout` #### Description Logs out the user by invalidating the authentication token. The authentication token, acquired from `/Security/AdvanceAuthentication`, must be passed in the header. ### Request Example (Conceptual) ```json { "username": "user@example.com", "tenantId": "your-tenant-id" } ``` ### Response Example (Conceptual for StartAuthentication) ```json [ { "challengeId": "challenge-123", "mechanisms": [ { "type": "Password", "prompt": "Enter your password" } ] } ] ``` ### Response Example (Conceptual for AdvanceAuthentication) ```json { "success": true, "tokenCookie": "session-token-abcde" } ``` ``` -------------------------------- ### GET /assets Source: https://api-docs.cyberark.com/secure-access Retrieve a list of assets available within the Secure Access system. ```APIDOC ## GET /assets ### Description Retrieves a list of all assets accessible to the authenticated user. ### Method GET ### Endpoint /assets ### Parameters None ### Response #### Success Response (200) - **assets** (array) - A list of Asset objects. #### Response Example { "assets": [ { "id": "123", "name": "Production Server", "type": "Server" } ] } ``` -------------------------------- ### Get Agent API Source: https://api-docs.cyberark.com/sai-api Retrieves details for a specific AI agent. ```APIDOC ## GET /agents/{agentId} ### Description Retrieves details for a specific AI agent. ### Method GET ### Endpoint /agents/{agentId} ### Parameters #### Path Parameters - **agentId** (string) - Required - The unique identifier of the agent. ### Response #### Success Response (200) - **agent** (object) - The details of the agent. - **agentId** (string) - The unique identifier for the agent. - **name** (string) - The name of the agent. - **version** (string) - The version of the agent. - **status** (string) - The current status of the agent. - **lastSeen** (string) - The timestamp when the agent was last seen. - **owner** (string) - The owner of the agent. - **clientId** (string) - The client ID associated with the agent. #### Response Example ```json { "agent": { "agentId": "a1b2c3d4-e5f6-7890-1234-567890abcdef", "name": "MySecureAgent", "version": "1.0.0", "status": "ACTIVE", "lastSeen": "2023-10-27T10:00:00Z", "owner": "admin", "clientId": "client-123" } } ``` ``` -------------------------------- ### Get Agent Source: https://api-docs.cyberark.com/sai-api/docs/secure-ai-api Retrieves details for a specific AI agent by its ID. ```APIDOC ## GET /agents/{agentId} ### Description Retrieves details for a specific AI agent by its ID. ### Method GET ### Endpoint /agents/{agentId} ### Parameters #### Path Parameters - **agentId** (string) - Required - The unique identifier of the agent to retrieve. ### Response #### Success Response (200) - **agentId** (string) - The unique identifier of the agent. - **name** (string) - The name of the agent. - **version** (string) - The version of the agent. - **state** (string) - The current state of the agent (e.g., ACTIVE, INACTIVE). - **lastSeen** (string) - The timestamp when the agent was last seen. #### Response Example { "agentId": "a1b2c3d4-e5f6-7890-1234-567890abcdef", "name": "MyAwesomeAgent", "version": "1.0.0", "state": "ACTIVE", "lastSeen": "2023-10-27T10:00:00Z" } ``` -------------------------------- ### Authenticate Service API Request Source: https://api-docs.cyberark.com/create-api-token/docs/create-api-token Example of how to use the retrieved bearer token to authenticate a request to an ISPSS service API. The token must be passed in the Authorization header. ```http GET https://hostname.dpa.cyberark.cloud/api/settings Authorization: Bearer eyJh... ``` -------------------------------- ### GET /secrets/{id} Source: https://api-docs.cyberark.com/secure-access Retrieve the details of a specific secret by its unique identifier. ```APIDOC ## GET /secrets/{id} ### Description Fetches the secret value associated with the provided asset ID. ### Method GET ### Endpoint /secrets/{id} ### Parameters #### Path Parameters - **id** (string) - Required - The unique identifier of the secret. ### Response #### Success Response (200) - **secret** (string) - The requested secret value. #### Response Example { "secret": "super-secret-value-123" } ``` -------------------------------- ### ISPSS API Bearer Token Response Source: https://api-docs.cyberark.com/create-api-token This is an example of a successful response from the platformtoken endpoint, providing the bearer token and its details. The 'access_token' field contains the token required for subsequent API calls. ```json { "access_token": "eyJh...", "token_type": "Bearer", "expires_in": 900 } ``` -------------------------------- ### Get Bearer Token Source: https://api-docs.cyberark.com/create-api-token/docs/create-api-token Obtain a bearer token for authenticating to CyberArk ISPSS APIs by calling the platformtoken endpoint. This requires a service account configured with 'Is OAuth confidential client' enabled. ```APIDOC ## POST /oauth2/platformtoken ### Description Obtains a bearer token for authenticating to CyberArk ISPSS APIs. ### Method POST ### Endpoint `https://.id.cyberark.cloud/oauth2/platformtoken` ### Parameters #### Request Body - **grant_type** (string) - Required - Must be `client_credentials` - **client_id** (string) - Required - The login name of the service account. - **client_secret** (string) - Required - The password of the service account. ### Request Example ``` POST /oauth2/platformtoken Host: hostname.id.cyberark.cloud content-type: application/x-www-form-urlencoded grant_type=client_credentials&client_id=api%40cyberark.cloud&client_secret=myAPIpassword1! ``` ### Response #### Success Response (200) - **access_token** (string) - The bearer token. - **token_type** (string) - The type of token, typically 'Bearer'. - **expires_in** (integer) - The token's validity period in seconds. #### Response Example ```json { "access_token": "eyJh...", "token_type": "Bearer", "expires_in": 900 } ``` ``` -------------------------------- ### POST /Security/StartAuthentication Source: https://api-docs.cyberark.com/identity-docs-api/docs/identity-apis Initiates the authentication process for a user. Returns a list of security challenges and mechanisms required for authentication. ```APIDOC ## POST /Security/StartAuthentication ### Description Initiates the authentication process for a user. If the user is registered, the server returns an array of security challenges and mechanisms that the user must fulfill. ### Method POST ### Endpoint /Security/StartAuthentication ### Request Example { "User": "username", "TenantId": "your-tenant-id" } ### Response #### Success Response (200) - **Challenges** (array) - List of security challenges to be completed. #### Response Example { "success": true, "Result": { "Challenges": [...] } } ``` -------------------------------- ### Web App Creation API Source: https://api-docs.cyberark.com/sca-api/docs/secure-cloud-access-apis Create new web applications within the platform. ```APIDOC ## POST /web-apps ### Description Create a new web application. ### Method POST ### Endpoint /web-apps ``` -------------------------------- ### POST /databases/strong-accounts Source: https://api-docs.cyberark.com/secure-infra-access/docs/strong-account-apis-for-sia-databases Add a new strong account for a database. ```APIDOC ## POST /databases/strong-accounts ### Description Adds a new strong account configuration to the specified SIA database. ### Method POST ### Endpoint https://{tenant_subdomain}.dpa.cyberark.cloud/databases/strong-accounts ### Parameters #### Request Body - **account_details** (object) - Required - The configuration properties for the specific database type (e.g., MSSqlAccountProperties, OracleAccountProperties). ### Request Example { "type": "MSSqlAccountProperties", "username": "admin", "password": "securepassword" } ### Response #### Success Response (201) - **id** (string) - The unique identifier of the created strong account. #### Response Example { "id": "acc-12345", "status": "created" } ``` -------------------------------- ### Authentication Overview Source: https://api-docs.cyberark.com/identity-protection Information on how to authenticate with the CyberArk Identity Protection APIs. It is recommended to use a dedicated service user for API access. ```APIDOC ## Authentication ### Description Before you can interact with the Identity Protection APIs, you must authenticate. This typically involves obtaining an API token. ### Method Refer to the 'Create an API token' section for specific authentication methods. ### Endpoint Not applicable for general authentication overview. Specific service API URLs are provided after authentication. ### Parameters No specific parameters for this general overview. ### Request Example Refer to the 'Create an API token' documentation for request examples. ### Response Upon successful authentication, you will receive an authentication token. #### Success Response (200) - **token** (string) - The bearer token to be used in subsequent API requests. #### Response Example { "token": "your_generated_bearer_token" } ## Service API URLs ### Description After successful authentication, you will be provided with a list of service API URLs for different CyberArk Identity Protection services. ### Method N/A ### Endpoint N/A ### Parameters N/A ### Request Example N/A ### Response - **service_api_urls** (object) - A map of service names to their respective API endpoints. #### Response Example { "identity_protection_api_v1": "https://your-tenant.idaptive.app/api/v1", "audit_api_v1": "https://your-tenant.idaptive.app/audit/api/v1" } ## Important Notes ### Description Recommendations and considerations for using the CyberArk Identity Protection APIs. ### Usage Recommendation It is recommended to use a dedicated service user with appropriate roles for API authentication, rather than your personal CyberArk Identity user account. ### Token Usage The authentication token obtained must be included as a 'Bearer' token in the `Authorization` header of every API request. ``` -------------------------------- ### Authorization Header Format Source: https://api-docs.cyberark.com/create-api-token Demonstrates how to include the obtained bearer token in the Authorization header for service API requests. ```APIDOC ## Service API Request Authorization ### Description To authenticate requests to CyberArk ISPSS service APIs, include the obtained bearer token in the `Authorization` header. ### Request Example ``` GET https://hostname.dpa.cyberark.cloud/api/settings Authorization: Bearer eyJh... ``` ``` -------------------------------- ### Workspace Delegation API Source: https://api-docs.cyberark.com/ Manage user and role delegations to cloud workspaces including creation, updates, and deletion. ```APIDOC ## POST /workspaces/delegations ### Description Create a new delegation for a user or role within a cloud workspace. ### Method POST ### Endpoint /workspaces/delegations ### Parameters #### Request Body - **userId** (string) - Required - The ID of the user being delegated. - **roleId** (string) - Required - The role to be assigned. - **workspaceId** (string) - Required - The target workspace identifier. ### Request Example { "userId": "user-123", "roleId": "admin-role", "workspaceId": "ws-456" } ### Response #### Success Response (201) - **id** (string) - The unique ID of the created delegation. #### Response Example { "id": "del-789", "status": "created" } ``` -------------------------------- ### Cloud Scan API Source: https://api-docs.cyberark.com/sca-api/docs/secure-cloud-access-apis Initiate scans of your cloud environment to discover roles and resources. ```APIDOC ## POST /cloud-scan/initiate ### Description Initiate a scan of your onboarded workspace for roles and resources. ### Method POST ### Endpoint /cloud-scan/initiate ``` -------------------------------- ### Authentication API Source: https://api-docs.cyberark.com/sca-api/docs/secure-cloud-access-apis Generate authentication tokens for API access. ```APIDOC ## POST /auth/token ### Description Generate a public access token. ### Method POST ### Endpoint /auth/token ``` -------------------------------- ### POST /Security/AdvanceAuthentication Source: https://api-docs.cyberark.com/identity-docs-api/docs/identity-apis Submits user responses to security challenges. Upon successful validation, returns an authentication token cookie. ```APIDOC ## POST /Security/AdvanceAuthentication ### Description Sends the user's responses to the security mechanisms back to the server. If accepted, returns an authentication token cookie. ### Method POST ### Endpoint /Security/AdvanceAuthentication ### Request Example { "SessionId": "session-id-from-start", "MechanismId": "mechanism-id", "Action": "answer", "Answer": "user-response" } ### Response #### Success Response (200) - **Token** (string) - Authentication token cookie for subsequent requests. #### Response Example { "success": true, "Result": { "Token": "auth-token-string" } } ``` -------------------------------- ### Register AI Agent API Source: https://api-docs.cyberark.com/sai-api Registers a new AI agent with the system. ```APIDOC ## POST /agents ### Description Registers a new AI agent with the system. ### Method POST ### Endpoint /agents ### Parameters #### Request Body - **agent** (object) - Required - The details of the agent to register. - **name** (string) - Required - The name of the agent. - **version** (string) - Required - The version of the agent. - **owner** (string) - Optional - The owner of the agent. - **credentials** (object) - Optional - The credentials for the agent. - **username** (string) - Required - The username for authentication. - **password** (string) - Required - The password for authentication. ### Request Example ```json { "agent": { "name": "MySecureAgent", "version": "1.0.0", "owner": "admin", "credentials": { "username": "agent_user", "password": "agent_password" } } } ``` ### Response #### Success Response (200) - **agentId** (string) - The unique identifier for the registered agent. #### Response Example ```json { "agentId": "a1b2c3d4-e5f6-7890-1234-567890abcdef" } ``` ``` -------------------------------- ### Integration API Source: https://api-docs.cyberark.com/sca-api/docs/secure-cloud-access-apis Retrieve the status of integration jobs. ```APIDOC ## GET /integration/jobs/{jobId}/status ### Description Get the status of an integration job. ### Method GET ### Endpoint /integration/jobs/{jobId}/status ``` -------------------------------- ### Access API Source: https://api-docs.cyberark.com/sca-api/docs/secure-cloud-access-apis Manage access to targets and groups, including requesting elevated privileges and just-in-time membership. ```APIDOC ## GET /access/targets ### Description List targets you are eligible to access. ### Method GET ### Endpoint /access/targets ``` ```APIDOC ## GET /access/groups ### Description List groups for which you are eligible to request just-in-time membership. ### Method GET ### Endpoint /access/groups ``` ```APIDOC ## POST /access/elevate ### Description Request elevated access to a target. ### Method POST ### Endpoint /access/elevate ``` ```APIDOC ## POST /access/groups/request-membership ### Description Request just-in-time membership to groups. ### Method POST ### Endpoint /access/groups/request-membership ``` ```APIDOC ## GET /access/sessions ### Description Get a list of your active sessions. ### Method GET ### Endpoint /access/sessions ``` ```APIDOC ## GET /access/sessions/user/{userId} ### Description Get active sessions for a specific user. ### Method GET ### Endpoint /access/sessions/user/{userId} ``` ```APIDOC ## POST /access/sessions/revoke-by-id ### Description Revoke sessions by their session ID. ### Method POST ### Endpoint /access/sessions/revoke-by-id ``` ```APIDOC ## POST /access/sessions/revoke-user ### Description Revoke all active sessions for a user. ### Method POST ### Endpoint /access/sessions/revoke-user ``` -------------------------------- ### On-Demand Approval Configuration API Source: https://api-docs.cyberark.com/sca-api/docs/secure-cloud-access-apis Configure and manage on-demand approval channels. ```APIDOC ## GET /approval/channel ### Description Get the current on-demand approval channel configuration. ### Method GET ### Endpoint /approval/channel ``` ```APIDOC ## PATCH /approval/channel/settings ### Description Configure on-demand approval channel settings. ### Method PATCH ### Endpoint /approval/channel/settings ``` -------------------------------- ### Access Control Policies API - Base URL and Authentication Source: https://api-docs.cyberark.com/uap-schema-api Information on how to access the Access Control Policies API and the necessary authentication steps. ```APIDOC ## Access Control Policies API ### Description Welcome to the Access control policies API for working with policies in CyberArk's Administration space. Before you start working with the API, you need to authenticate the API. ### Method N/A (This section describes general API access and authentication) ### Endpoint `https://.uap.cyberark.cloud/api` ### Authentication Authentication is required. Please refer to the 'Create an API token' documentation for detailed steps. The authentication token must be included as a bearer token in the header of each API request. ### Recommendations It is recommended to use a dedicated service user with the **CS Admin** or **SCA Admin** role for cloud console policies, or the **DPAAdmin** role for infrastructure policies. When logging in via CyberArk Identity, an authentication token is sent and must be included in the request header. ``` -------------------------------- ### Policies API Source: https://api-docs.cyberark.com/sca-api/docs/secure-cloud-access-apis Manage and validate security policies for your cloud environment. ```APIDOC ## GET /policies ### Description Query all available policies. ### Method GET ### Endpoint /policies ``` ```APIDOC ## POST /policies ### Description Create a new policy. ### Method POST ### Endpoint /policies ``` ```APIDOC ## GET /policies/{policyId} ### Description Get details of a specific policy. ### Method GET ### Endpoint /policies/{policyId} ``` ```APIDOC ## PUT /policies/{policyId} ### Description Edit an existing policy. ### Method PUT ### Endpoint /policies/{policyId} ``` ```APIDOC ## DELETE /policies/{policyId} ### Description Remove a policy. ### Method DELETE ### Endpoint /policies/{policyId} ``` ```APIDOC ## GET /policies/{policyId}/status ### Description Get the status of a specific policy. ### Method GET ### Endpoint /policies/{policyId}/status ``` ```APIDOC ## POST /policies/discover ### Description Discover updates to your onboarded workspace. ### Method POST ### Endpoint /policies/discover ``` ```APIDOC ## POST /policies/validate ### Description Validate a policy. ### Method POST ### Endpoint /policies/validate ``` ```APIDOC ## POST /policies/create ### Description Create a policy (alternative endpoint). ### Method POST ### Endpoint /policies/create ``` -------------------------------- ### List Agents API Source: https://api-docs.cyberark.com/sai-api Retrieves a list of all registered AI agents. ```APIDOC ## GET /agents ### Description Retrieves a list of all registered AI agents. ### Method GET ### Endpoint /agents ### Parameters #### Query Parameters - **owner** (string) - Optional - Filter agents by owner. ### Response #### Success Response (200) - **agents** (array) - A list of Agent objects. #### Response Example ```json { "agents": [ { "agentId": "string", "name": "string", "version": "string", "status": "string", "lastSeen": "string" } ] } ``` ``` -------------------------------- ### Workloads API Source: https://api-docs.cyberark.com/secrets-manager-saas Endpoints for managing workload annotations and deletions. ```APIDOC ## DEL /workloads/{workload_id}/annotations/{annotation_id} ### Description Deletes a specific annotation from a workload. ### Method DELETE ### Endpoint /workloads/{workload_id}/annotations/{annotation_id} ### Parameters #### Path Parameters - **workload_id** (string) - Required - The ID of the workload. - **annotation_id** (string) - Required - The ID of the annotation to delete. ### Response #### Success Response (200) - **message** (string) - Confirmation message. #### Response Example ```json { "message": "Annotation deleted successfully." } ``` ## DEL /workloads/{workload_id} ### Description Deletes a workload. ### Method DELETE ### Endpoint /workloads/{workload_id} ### Parameters #### Path Parameters - **workload_id** (string) - Required - The ID of the workload to delete. ### Response #### Success Response (200) - **message** (string) - Confirmation message. #### Response Example ```json { "message": "Workload deleted successfully." } ``` ``` -------------------------------- ### Edit Agent Source: https://api-docs.cyberark.com/sai-api/docs/secure-ai-api Updates the metadata of an existing AI agent. ```APIDOC ## PATCH /agents/{agentId} ### Description Updates the metadata of an existing AI agent. ### Method PATCH ### Endpoint /agents/{agentId} ### Parameters #### Path Parameters - **agentId** (string) - Required - The unique identifier of the agent to edit. #### Request Body - **name** (string) - Optional - The new name for the agent. - **version** (string) - Optional - The new version for the agent. - **description** (string) - Optional - The new description for the agent. ### Request Example { "description": "Updated description for my agent." } ### Response #### Success Response (200) - **agentId** (string) - The unique identifier of the updated agent. - **name** (string) - The updated name of the agent. - **version** (string) - The updated version of the agent. - **description** (string) - The updated description of the agent. #### Response Example { "agentId": "a1b2c3d4-e5f6-7890-1234-567890abcdef", "name": "MyAwesomeAgent", "version": "1.0.1", "description": "Updated description for my agent." } ``` -------------------------------- ### Database Strong Account Management Source: https://api-docs.cyberark.com/secure-infra-access Endpoints for performing CRUD operations on strong accounts associated with SIA databases. ```APIDOC ## POST /strong-accounts ### Description Adds a new strong account to the database. ### Method POST ### Endpoint /strong-accounts ### Request Body - **accountData** (ManagedAccountRequest) - Required - The details of the strong account to be created. ### Response #### Success Response (201) - **id** (string) - The unique identifier of the created account. --- ## GET /strong-accounts ### Description Lists all strong accounts associated with the database. ### Method GET ### Endpoint /strong-accounts ### Response #### Success Response (200) - **accounts** (ListDatabaseStrongAccountsResponse) - A list of strong accounts. --- ## GET /strong-accounts/{id} ### Description Retrieves the details of a specific strong account. ### Method GET ### Endpoint /strong-accounts/{id} ### Parameters #### Path Parameters - **id** (string) - Required - The unique identifier of the account. ### Response #### Success Response (200) - **account** (GetDatabaseStrongAccountResponse) - The account details. --- ## PUT /strong-accounts/{id} ### Description Updates an existing strong account. ### Method PUT ### Endpoint /strong-accounts/{id} ### Request Body - **accountData** (ManagedAccountRequest) - Required - The updated account properties. --- ## DELETE /strong-accounts/{id} ### Description Deletes a specific strong account. ### Method DELETE ### Endpoint /strong-accounts/{id} ``` -------------------------------- ### Set Agent State API Source: https://api-docs.cyberark.com/sai-api Sets the state of a specific AI agent. ```APIDOC ## POST /agents/{agentId}/state ### Description Sets the state of a specific AI agent. ### Method POST ### Endpoint /agents/{agentId}/state ### Parameters #### Path Parameters - **agentId** (string) - Required - The unique identifier of the agent. #### Request Body - **state** (string) - Required - The desired state for the agent (e.g., "ACTIVE", "INACTIVE"). ### Request Example ```json { "state": "INACTIVE" } ``` ### Response #### Success Response (200) - **message** (string) - A confirmation message indicating the state was updated. #### Response Example ```json { "message": "Agent state updated successfully." } ``` ``` -------------------------------- ### Edit Agent API Source: https://api-docs.cyberark.com/sai-api Updates the details of an existing AI agent. ```APIDOC ## PATCH /agents/{agentId} ### Description Updates the details of an existing AI agent. ### Method PATCH ### Endpoint /agents/{agentId} ### Parameters #### Path Parameters - **agentId** (string) - Required - The unique identifier of the agent to update. #### Request Body - **agent** (object) - Required - The fields to update for the agent. - **name** (string) - Optional - The new name of the agent. - **version** (string) - Optional - The new version of the agent. - **owner** (string) - Optional - The new owner of the agent. ### Request Example ```json { "agent": { "name": "UpdatedAgentName", "owner": "new_owner" } } ``` ### Response #### Success Response (200) - **message** (string) - A confirmation message indicating the agent was updated. #### Response Example ```json { "message": "Agent updated successfully." } ``` ``` -------------------------------- ### POST /security/logout Source: https://api-docs.cyberark.com/identity-docs-api/docs/identity-apis Terminates the user session by invalidating the authentication token. ```APIDOC ## POST /security/logout ### Description Logs the user out and invalidates the session token. ### Method POST ### Endpoint /security/logout ### Parameters #### Headers - **Authorization** (string) - Required - The authentication token acquired from /Security/AdvanceAuthentication. ### Response #### Success Response (200) - **success** (boolean) - Indicates if the logout was successful. ``` -------------------------------- ### Authenticators API Source: https://api-docs.cyberark.com/secrets-manager-saas Endpoints for managing authenticators. ```APIDOC ## GET /authenticators ### Description Lists all available authenticators. ### Method GET ### Endpoint /authenticators ### Response #### Success Response (200) - **authenticators** (array) - A list of authenticator objects. - **id** (string) - The authenticator ID. - **name** (string) - The authenticator name. - **type** (string) - The authenticator type. #### Response Example ```json { "authenticators": [ {"id": "auth-1", "name": "LDAP Authenticator", "type": "ldap"}, {"id": "auth-2", "name": "JWT Authenticator", "type": "jwt"} ] } ``` ## POST /authenticators ### Description Creates a new authenticator. ### Method POST ### Endpoint /authenticators ### Parameters #### Request Body - **name** (string) - Required - The name of the authenticator. - **type** (string) - Required - The type of the authenticator (e.g., "ldap", "jwt", "azure"). - **config** (object) - Required - Configuration details for the authenticator. ### Request Example ```json { "name": "My New Authenticator", "type": "jwt", "config": { "issuer": "https://my-auth-server.com", "audience": "secretsmgr" } } ``` ### Response #### Success Response (200) - **id** (string) - The ID of the newly created authenticator. - **message** (string) - Confirmation message. #### Response Example ```json { "id": "new-auth-456", "message": "Authenticator created successfully." } ``` ## GET /authenticators/{authenticator_id} ### Description Retrieves details for a specific authenticator. ### Method GET ### Endpoint /authenticators/{authenticator_id} ### Parameters #### Path Parameters - **authenticator_id** (string) - Required - The ID of the authenticator to retrieve. ### Response #### Success Response (200) - **authenticator** (object) - The authenticator details. - **id** (string) - The authenticator ID. - **name** (string) - The authenticator name. - **type** (string) - The authenticator type. - **config** (object) - The authenticator configuration. #### Response Example ```json { "authenticator": { "id": "auth-2", "name": "JWT Authenticator", "type": "jwt", "config": { "issuer": "https://my-auth-server.com", "audience": "secretsmgr" } } } ``` ## DEL /authenticators/{authenticator_id} ### Description Deletes a specific authenticator. ### Method DELETE ### Endpoint /authenticators/{authenticator_id} ### Parameters #### Path Parameters - **authenticator_id** (string) - Required - The ID of the authenticator to delete. ### Response #### Success Response (200) - **message** (string) - Confirmation message. #### Response Example ```json { "message": "Authenticator deleted successfully." } ``` ## PATCH /authenticators/{authenticator_id} ### Description Updates an existing authenticator. ### Method PATCH ### Endpoint /authenticators/{authenticator_id} ### Parameters #### Path Parameters - **authenticator_id** (string) - Required - The ID of the authenticator to update. #### Request Body - **name** (string) - Optional - The new name for the authenticator. - **config** (object) - Optional - The updated configuration for the authenticator. ### Request Example ```json { "name": "Updated Authenticator Name", "config": { "audience": "new-audience" } } ``` ### Response #### Success Response (200) - **message** (string) - Confirmation message. #### Response Example ```json { "message": "Authenticator updated successfully." } ``` ``` -------------------------------- ### Set Agent State Source: https://api-docs.cyberark.com/sai-api/docs/secure-ai-api Updates the state of a specific AI agent. ```APIDOC ## POST /agents/{agentId}/state ### Description Updates the state of a specific AI agent. ### Method POST ### Endpoint /agents/{agentId}/state ### Parameters #### Path Parameters - **agentId** (string) - Required - The unique identifier of the agent whose state to update. #### Request Body - **state** (string) - Required - The new state for the agent (e.g., ACTIVE, INACTIVE). ### Request Example { "state": "INACTIVE" } ### Response #### Success Response (200) - **agentId** (string) - The unique identifier of the agent. - **state** (string) - The updated state of the agent. #### Response Example { "agentId": "a1b2c3d4-e5f6-7890-1234-567890abcdef", "state": "INACTIVE" } ``` -------------------------------- ### Issuers API Source: https://api-docs.cyberark.com/secrets-manager-saas Endpoints for managing certificate issuers. ```APIDOC ## POST /issuers/issue-certificate ### Description Issues a new certificate. ### Method POST ### Endpoint /issuers/issue-certificate ### Parameters #### Request Body - **issuer_id** (string) - Required - The ID of the issuer to use. - **subject** (string) - Required - The subject of the certificate. - **alt_names** (array) - Optional - Alternative names for the certificate. ### Request Example ```json { "issuer_id": "letsencrypt-prod", "subject": "example.com", "alt_names": ["www.example.com"] } ``` ### Response #### Success Response (200) - **certificate** (string) - The issued certificate. - **private_key** (string) - The private key for the certificate. #### Response Example ```json { "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----", "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----" } ``` ## POST /issuers/sign-certificate ### Description Signs a certificate request. ### Method POST ### Endpoint /issuers/sign-certificate ### Parameters #### Request Body - **issuer_id** (string) - Required - The ID of the issuer to use. - **csr** (string) - Required - The certificate signing request (CSR). ### Request Example ```json { "issuer_id": "internal-ca", "csr": "-----BEGIN CERTIFICATE REQUEST-----\n...\n-----END CERTIFICATE REQUEST-----" } ``` ### Response #### Success Response (200) - **certificate** (string) - The signed certificate. #### Response Example ```json { "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----" } ``` ## GET /issuers ### Description Retrieves a list of available issuers. ### Method GET ### Endpoint /issuers ### Response #### Success Response (200) - **issuers** (array) - A list of issuer objects. - **id** (string) - The issuer ID. - **name** (string) - The issuer name. #### Response Example ```json { "issuers": [ {"id": "letsencrypt-prod", "name": "Let's Encrypt (Production)"}, {"id": "internal-ca", "name": "Internal Certificate Authority"} ] } ``` ## POST /issuers ### Description Creates a new issuer. ### Method POST ### Endpoint /issuers ### Parameters #### Request Body - **name** (string) - Required - The name of the new issuer. - **type** (string) - Required - The type of the issuer (e.g., "letsencrypt", "aws-pca"). - **config** (object) - Required - Configuration details for the issuer. ### Request Example ```json { "name": "My New Issuer", "type": "letsencrypt", "config": { "email": "admin@example.com", "server": "https://acme-v02.api.letsencrypt.org/directory" } } ``` ### Response #### Success Response (200) - **id** (string) - The ID of the newly created issuer. - **message** (string) - Confirmation message. #### Response Example ```json { "id": "new-issuer-123", "message": "Issuer created successfully." } ``` ## GET /issuers/{issuer_id} ### Description Retrieves details for a specific issuer. ### Method GET ### Endpoint /issuers/{issuer_id} ### Parameters #### Path Parameters - **issuer_id** (string) - Required - The ID of the issuer to retrieve. ### Response #### Success Response (200) - **issuer** (object) - The issuer details. - **id** (string) - The issuer ID. - **name** (string) - The issuer name. - **type** (string) - The issuer type. - **config** (object) - The issuer configuration. #### Response Example ```json { "issuer": { "id": "letsencrypt-prod", "name": "Let's Encrypt (Production)", "type": "letsencrypt", "config": { "email": "admin@example.com", "server": "https://acme-v02.api.letsencrypt.org/directory" } } } ``` ## DEL /issuers/{issuer_id} ### Description Deletes a specific issuer. ### Method DELETE ### Endpoint /issuers/{issuer_id} ### Parameters #### Path Parameters - **issuer_id** (string) - Required - The ID of the issuer to delete. ### Response #### Success Response (200) - **message** (string) - Confirmation message. #### Response Example ```json { "message": "Issuer deleted successfully." } ``` ## PATCH /issuers/{issuer_id} ### Description Updates an existing issuer. ### Method PATCH ### Endpoint /issuers/{issuer_id} ### Parameters #### Path Parameters - **issuer_id** (string) - Required - The ID of the issuer to update. #### Request Body - **name** (string) - Optional - The new name for the issuer. - **config** (object) - Optional - The updated configuration for the issuer. ### Request Example ```json { "name": "Updated Issuer Name", "config": { "email": "new_admin@example.com" } } ``` ### Response #### Success Response (200) - **message** (string) - Confirmation message. #### Response Example ```json { "message": "Issuer updated successfully." } ``` ``` -------------------------------- ### POST /oauth2/platformtoken - Obtain API Bearer Token Source: https://api-docs.cyberark.com/create-api-token This endpoint is used to obtain a bearer token for authenticating to CyberArk ISPSS APIs. It requires service account credentials. ```APIDOC ## POST /oauth2/platformtoken ### Description Obtains a bearer token for authenticating to CyberArk Identity Security Platform Shared Services (ISPSS) APIs. ### Method POST ### Endpoint `https://.id.cyberark.cloud/oauth2/platformtoken` ### Parameters #### Request Body - **grant_type** (string) - Required - Must be `client_credentials`. - **client_id** (string) - Required - The login name of the service account. - **client_secret** (string) - Required - The password of the service account. ### Request Example ``` POST /oauth2/platformtoken Host: hostname.id.cyberark.cloud content-type: application/x-www-form-urlencoded grant_type=client_credentials&client_id=api%40cyberark.cloud&client_secret=myAPIpassword1! ``` ### Response #### Success Response (200) - **access_token** (string) - The bearer token. - **token_type** (string) - The type of token, typically 'Bearer'. - **expires_in** (integer) - The token's validity period in seconds. #### Response Example ```json { "access_token": "eyJh...", "token_type": "Bearer", "expires_in": 900 } ``` ``` -------------------------------- ### Access Requests API Source: https://api-docs.cyberark.com/ Endpoints to view and manage pending and historical access requests. ```APIDOC ## GET /access-requests ### Description Retrieve a list of all access requests associated with the authenticated user or organization. ### Method GET ### Endpoint /access-requests ### Parameters #### Query Parameters - **status** (string) - Optional - Filter by status (e.g., pending, approved, rejected). ### Response #### Success Response (200) - **requests** (array) - A list of access request objects. #### Response Example { "requests": [ { "requestId": "req-001", "status": "pending" } ] } ``` -------------------------------- ### Authenticate Service API Requests Source: https://api-docs.cyberark.com/create-api-token/docs/create-api-token Use the obtained bearer token to authenticate requests to CyberArk ISPSS APIs by including it in the Authorization header. ```APIDOC ## Authenticating Service API Requests ### Description Add the bearer token obtained from the `platformtoken` endpoint to the `Authorization` header of your service API requests. ### Method GET (example for a service API) ### Endpoint `https://..cyberark.cloud/api` (example for SIA API) ### Headers - **Authorization** (string) - Required - `Bearer ` where `` is the `access_token` from the `platformtoken` response. ### Request Example ``` GET https://hostname.dpa.cyberark.cloud/api/settings Authorization: Bearer eyJh... ``` ``` -------------------------------- ### Retrieve ISPSS Bearer Token Source: https://api-docs.cyberark.com/create-api-token/docs/create-api-token This request retrieves an access token by sending a POST request to the platformtoken endpoint with client credentials. The response includes an access_token which is used for subsequent API authentication. ```http POST /oauth2/platformtoken Host: hostname.id.cyberark.cloud content-type: application/x-www-form-urlencoded grant_type=client_credentials&client_id=api%40cyberark.cloud&client_secret=myAPIpassword1! ``` -------------------------------- ### Groups API Source: https://api-docs.cyberark.com/secrets-manager-saas Endpoints for managing group members within the Secrets Manager SaaS. ```APIDOC ## POST /groups ### Description Adds a member to a group. ### Method POST ### Endpoint /groups ### Parameters #### Request Body - **member_id** (string) - Required - The ID of the member to add. - **group_id** (string) - Required - The ID of the group to add the member to. ### Request Example ```json { "member_id": "user123", "group_id": "developers" } ``` ### Response #### Success Response (200) - **message** (string) - Confirmation message. #### Response Example ```json { "message": "Member added to group successfully." } ``` ## DEL /groups ### Description Removes a member from a group. ### Method DELETE ### Endpoint /groups ### Parameters #### Query Parameters - **member_id** (string) - Required - The ID of the member to remove. - **group_id** (string) - Required - The ID of the group to remove the member from. ### Request Example ``` DELETE /groups?member_id=user123&group_id=developers ``` ### Response #### Success Response (200) - **message** (string) - Confirmation message. #### Response Example ```json { "message": "Member removed from group successfully." } ``` ``` -------------------------------- ### Secrets API Source: https://api-docs.cyberark.com/secrets-manager-saas Endpoints for retrieving secrets. ```APIDOC ## POST /secrets/batch ### Description Retrieves multiple secrets in a single request. ### Method POST ### Endpoint /secrets/batch ### Parameters #### Request Body - **secret_ids** (array) - Required - A list of secret IDs to retrieve. - **id** (string) - The ID of the secret. ### Request Example ```json { "secret_ids": [ {"id": "db-password"}, {"id": "api-key"} ] } ``` ### Response #### Success Response (200) - **secrets** (object) - An object containing the retrieved secrets. - **secret_id** (string) - The secret value. #### Response Example ```json { "secrets": { "db-password": "mySuperSecretPassword123", "api-key": "abcdef1234567890" } } ``` ``` -------------------------------- ### Delete Agent API Source: https://api-docs.cyberark.com/sai-api Deletes a specific AI agent from the system. ```APIDOC ## DELETE /agents/{agentId} ### Description Deletes a specific AI agent from the system. ### Method DELETE ### Endpoint /agents/{agentId} ### Parameters #### Path Parameters - **agentId** (string) - Required - The unique identifier of the agent to delete. ### Response #### Success Response (204) No content returned on successful deletion. #### Response Example (No content) ``` -------------------------------- ### Delete Agent Source: https://api-docs.cyberark.com/sai-api/docs/secure-ai-api Deletes a specific AI agent by its ID. ```APIDOC ## DELETE /agents/{agentId} ### Description Deletes a specific AI agent by its ID. ### Method DELETE ### Endpoint /agents/{agentId} ### Parameters #### Path Parameters - **agentId** (string) - Required - The unique identifier of the agent to delete. ### Response #### Success Response (204) No content is returned upon successful deletion. #### Response Example (No content) ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.