CyberArk REST API
All available requests in CyberArk Privileged Account Security (PAS) REST API.
LAST UPDATED: v11.7
THIS IS UNOFFICIAL DOCUMENTATION
Getting Started Guide
Getting Started with REST Using Postman (PDF)
Postman Live Documentation
View CyberArk's Live Documentation and Postman Collection
Get Accounts via REST - PowerShell Example
This example demonstrates how to create a function in PowerShell for each REST call necessary and how to handle responses.
function PASREST-Logon {
# Declaration
$webServicesLogon = "$PVWA_URL/PasswordVault/api/auth/ldap/logon"
# Authentication
$bodyParams = @{username = "Svc_CyberArkAPI"; password = "password"} | ConvertTo-JSON
# Execution
try {
$logonResult = Invoke-RestMethod -Uri $webServicesLogon -Method POST -ContentType "application/json" -Body $bodyParams -ErrorVariable logonResultErr
Return $logonResult.Trim('"')
}
catch {
Write-Host "StatusCode: " $_.Exception.Response.StatusCode.value__
Write-Host "StatusDescription: " $_.Exception.Response.StatusDescription
Write-Host "Response: " $_.Exception.Message
Return $false
}
}
function PASREST-Logoff ([string]$Authorization) {
# Declaration
$webServicesLogoff = "$PVWA_URL/PasswordVault/api/auth/logoff"
# Authorization
$headerParams = @{}
$headerParams.Add("Authorization",$Authorization)
# Execution
try {
$logoffResult = Invoke-RestMethod -Uri $webServicesLogoff -Method POST -ContentType "application/json" -Header $headerParams -ErrorVariable logoffResultErr
Return $true
}
catch {
Write-Host "StatusCode: " $_.Exception.Response.StatusCode.value__
Write-Host "StatusDescription: " $_.Exception.Response.StatusDescription
Write-Host "Response: " $_.Exception.Message
Return $false
}
}
function PASREST-GetAccount ([string]$Authorization) {
# Declaration
$webServicesGA = "$PVWA_URL/PasswordVault/api/Accounts?Keywords=$Keywords&Safe=$Safe"
# Authorization
$headerParams = @{}
$headerParams.Add("Authorization",$sessionID)
# Execution
try {
$getAccountResult = Invoke-RestMethod -Uri $webServicesGA -Method GET -ContentType "application/json" -Headers $headerParams -ErrorVariable getAccountResultErr
return $getAccountResult
}
catch {
Write-Host "StatusCode:" $_.Exception.Response.StatusCode.value__
Write-Host "StatusDescription:" $_.Exception.Response.StatusDescription
Write-Host "Response:" $_.Exception.Message
return $false
}
}
# Global Declaration
$PVWA_URL = "https://components.cyberark.local"
$Keywords = "TestAccount"
$Safe = "TestSafe"
# Execute Logon
$sessionID = PASREST-Logon
# Error Handling for Logon
if ($sessionID -eq $false) {Write-Host "[ERROR] There was an error logging into the Vault." -ForegroundColor Red; break}
else {Write-Host "[INFO] Logon completed successfully." -ForegroundColor DarkYellow}
# Execute Get Accounts
$getAccountResult = PASREST-GetAccount -Authorization $sessionID
if ($getAccountResult -eq $false) {Write-Host "[ERROR] There was an error getting the account from the Vault."-ForegroundColor Red; break}
else {$getAccountResult.accounts | Format-Table -Property AccountID}
# Execute Logoff
$logoffResult = PASREST-Logoff -Authorization $sessionID
if ($logoffResult -eq $true) {Write-Host "[INFO] Logoff completed successfully." -ForegroundColor DarkYellow}
else {Write-Host "[ERROR] Logoff was not completed successfully. Please logout manually using Authorization token:" $sessionID -ForegroundColor Red}Support or Contact
SYMPTOM:
A delete request was sent to the Vault, and the following response was received: 405 Method not allowed.
PROBLEM:
The DELETE/PUT command is handled by the WebDAV instead of the Restful services.
SOLUTION:
- Edit the PVWA's
web.configfile. - Search for
<add name= "WebDAV" Path=......> - In that line search for the
DELETE&PUTcommand and delete them, leaving the other ones. - Save the file
- Restart IIS
Having trouble with CyberArk's REST API? Check out the /r/CyberArk subreddit on Reddit!
