RESTful API
Introduction
PAM360 APIs allow you to connect, interact and integrate with PAM360 directly. The APIs belong to the REpresentational State Transfer (REST) category. PAM360 APIs use the GET, PUT, and POST methods to offer a wide range of operations such as creating resources and adding accounts to them, adding SSL certificates and SSH keys, associating SSH keys with resources, retrieving passwords, retrieving resource/account details, updating passwords programmatically, sharing resources/accounts to users and so on.
Prerequisite
Creating API user accounts is the first step in the process of configuring REST APIs for Application-to-Application password management. Click here to know how to create an API user account.
APIs Summary
Methods Used to Invoke APIs
GET
To fetch resources, accounts, passwords, account/resource details
PUT
To change a password
POST
To create new resource and accounts
How to Make Use of the APIs?
Invoking the APIs
The APIs can be invoked via HTTP POST, GET and PUT requests. All parameters in the request should be form-urlencoded. For all the APIs you need to pass the AUTH token, which is mandatory.
Supported Format
PAM360 supports the JSON format and the URL structure for it is given below:
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/<Resource ID>/accounts/<Account ID>
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
PAM360 provides a wide range of APIs to:
- Resources
1.1 Get the Resources Owned and Shared to a User
1.2 Create a New Resource
1.3 Get the Resource ID using the Resource Name
1.4 Delete a Resource in PAM360
1.5 Move Resource to Trash
1.6 Restore Resources from Trash
1.7 Get the Resource ID and Account ID
1.8 Edit Resources
1.9 Get License Keys, Files, Digital Certificates, Documents, Images, etc.
1.10 Fetch All Associated Remote App IDs
1.11 Fetch All Trashed Resources
1.12 Configure Remote Password Reset for MS SQL Resources - Accounts
2.1 Get the Accounts that are Part of a Resource
2.2 Get Details of an Account
2.3 Delete an Account Under a Specific Resource
2.4 Create Accounts Under a Specific Resource
2.5 Edit an Account Under a Specific Resource
2.6 Move Account to Trash
2.7 Restore Accounts from Trash
2.8 Fetch All Trashed Accounts - Passwords
3.1 Get the Password of an Account that is Part of a Resource
3.2 Change the Password of an Account
3.3 Generate Password
3.4 Configure Remote Password Reset for Linux Resources
3.5 Password Validator
3.6 Reset Passwords Accessed by User - Users
4.1 Create a User Account
4.2 Edit a User Account
4.3 Delete a User
4.4 Create an API User
4.5 Get the ID of a User
4.6 Import a User from Active Directory or Microsoft Entra ID
4.7 Delete a User with their Username
4.8 Add a User to a User Group
4.9 Lock a User
4.10 Unlock a User
4.11 Fetch All Users
4.12 Remove User from User Group
4.13 Regenerate Authtoken for a User
4.14 Transfer User Accountabilities - User Groups
5.1 Fetch User Group ID
5.2 Delete User Group
5.3 Fetch All User Groups - Resource Groups
6.1 Create Static and Dynamic Resource Groups
6.2 Associate a Resource to a Resource Group
6.3 Dissociate a Resource from a Resource Group
6.4 Fetch Resource Groups Associated to a Resource
6.5 Delete a Resource Group
6.6 Fetch Resource Group ID
6.7 Fetch All Resource Groups Of a User - Organizations
7.1 Get Organization Details
7.2 Manage Organization Access - Access Control
8.1 Request Password Approval by the Admin
8.2 Get the List of Password Requests
8.3 Reject a Password Request
8.4 Approve a Password Request
8.5 Check-in the Password Approved by the Admin
8.6 Checkout the Password Approved by the Admin - Sharing
9.1 Share a Resource to a User
9.2 Bulk Share Resources to Users
9.3 Share a Resource to a User Group
9.4 Bulk Share Resources to User Groups
9.5 Share an Account to a User
9.6 Bulk Share Accounts to Users
9.7 Share an Account to a User Group
9.8 Bulk Share Accounts to User Groups
9.9 Bulk Share Resource Groups to Users
9.10 Bulk Share Resource Groups to User Groups - Auditing
10.1 Get Audit Details
10.2 Fetch All SSL/SSH Audit Details - Agent
11.1 Generate and Fetch PAM360 Agent Key - Password Policy
12.1 Get Password Policies - Resource Types
13.1 Get all Resource Types - Two-Factor Authentication
14.1 Reset Two-Factor Authentication - Server
15.1 Fetch HA Status - SSH Keys
16.1 Create a New SSH Key
16.2 Delete an SSH Key
16.3 Fetch all the SSH keys
16.4 Fetch a Particular SSH Key
16.5 Fetch SSH Key Passphrase
16.6 Export an SSH Key
16.7 Get SSH Keys for a User
16.8 Fetch All Associated Users
16.9 Import an SSH Key
16.10 Associate an SSH Key
16.11 Dissociate an SSH Key
16.12 Export an SSH Key as a specific Key Type - SSL Certificates
17.1 Get an SSL Certificate
17.2 Get all SSL Certificates
17.3 Get all SSL Certificate Expiry
17.4 Get SSL Certificate Details
17.5 Get SSL Certificate Keystore
17.6 Get SSL Certificate Passphrase
17.7 Add an SSL Certificate
17.8 Delete an SSL Certificate
17.9 Perform SSL Certificate Discovery
17.10 Perform SSL Certificate Discovery (for a range of IP addresses)
17.11 Create SSL Certificate
17.12 Deploy an SSL Certificate
17.13 Share SSL Certificate to User
17.14 Share SSL Certificate to User Group
17.15 Share SSL Certificate Group to User
17.16 Share SSL Certificate Group to User Group
17.17 Revoke SSL Certificate from User
17.18 Revoke SSL Certificate from User Group
17.19 Revoke SSL Certificate Group from User
17.20 Revoke SSL Certificate Group from User Group
17.21 Create SSL Certificate Group
17.22 Delete SSL Certificate Group
17.23 Edit SSL Certificate Group
17.24 Generate an SSL Agent Install Key
17.25 Get an SSL certificate in different file formats
17.26 Fetch SSL Vulnerabilities Count
17.27 Discover SSL in Bulk from Files - CSR
18.1 Create CSR
18.2 Get CSR List
18.3 Import CSR
18.4 Sign CSR - PGP Keys
19.1 Fetch PGP Keys - Reports
20.1 Fetch All Users Report
20.2 Fetch All User Groups Report
20.3 Fetch All Resources Report
20.4 Fetch All Resource Groups Report
Note: Please note that each API call made to the PAM360 server requires the authentication token (AUTHTOKEN) to be passed in the request header only.
1. Resources
1.1 Get the Resources Owned and Shared to a User
Description
To get the list of resources which are owned by or shared to a user.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
GET
Input Data
None
Sample Request
curl -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>"https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources
Sample Output
In the output (as shown in the sample below), you will get all the resources owned and shared by the specific user.
{
"operation": {
"result": {
"message": "Resources fetched successfully",
"status": "Success"
},
"Details": [
{
"RESOURCE DESCRIPTION": "",
"RESOURCE TYPE": "WindowsDomain",
"RESOURCE URL": "https://www.manageengine.com",
"GATEWAY_SESSION_RECORDING": "true",
"RESOURCE ID": "2",
"WEB_SESSION_RECORDING": "true",
"RESOURCE NAME": "Domain",
"NOOFACCOUNTS": "3",
"AUTOLOGONLIST": [
"HTTPS Gateway"
],
"DNS NAME": "abcd.zoho.com"
},
{
"RESOURCE DESCRIPTION": "",
"RESOURCE TYPE": "Windows",
"RESOURCE URL": "www.manageengine.com",
"ALLOWOPENURLINBROWSER": "true",
"RESOURCE ID": "1",
"RESOURCE NAME": "Test1",
"NOOFACCOUNTS": "2",
"AUTOLOGONLIST": [],
"DNS NAME": ""
}
],
"name": "get_resources",
"totalRows": 2
}
}
1.2 Create a New Resource
Description
To create a new resource in PAM360.
Input Data
You need to pass input data such as name of the resource, account name, resource type, password, URL, description, notes and any other additional fields at the resource and account levels. You can add as many as 40 custom fields (20 each at resource and account levels). Of these, resource name, account name, resource type and password are mandatory.
INPUT_DATA={
"operation":{
"Details":{
"RESOURCENAME":"Windows Server",
"ACCOUNTNAME":"Administrator",
"RESOURCETYPE":"Windows",
"PASSWORD":"Test123#@!",
"NOTES":"Testing API",
"RESOURCEURL":"http://windowsserver/adminconsole",
"RESOURCEPASSWORDPOLICY":"Strong",
"ACCOUNTPASSWORDPOLICY":"Strong",
"RESOURCECUSTOMFIELD":[
{
"CUSTOMLABEL":"Secure Resource",
"CUSTOMVALUE":"YES"
}
],
"ACCOUNTCUSTOMFIELD":[
{
"CUSTOMLABEL":"Secure Account",
"CUSTOMVALUE":"YES"
}
]
}
}
}
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" -H "content-Type: text/json" https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources --data-urlencode "INPUT_DATA={\"operation\":{\"Details\":{\"RESOURCENAME\":\"Windows Server\",\"ACCOUNTNAME\":\"Administrator\",\"RESOURCETYPE\":\"Windows\",\"PASSWORD\" :\"Test@123\",\"RESOURCEPASSWORDPOLICY\":\"Strong\",\"ACCOUNTPASSWORDPOLICY\":\"Strong\",\"RESOURCECUSTOMFIELD\":[{\"CUSTOMLABEL\":\"Secure Resource\",\"CUSTOMVALUE\":\"YES\"}],\"ACCOUNTCUSTOMFIELD\":[{\"CUSTOMLABEL\":\"Secure Account\",\"CUSTOMVALUE\":\"YES\"}]}}}"
Sample Output
{"operation":{
"name":"CREATE RESOURCE",
"result":{
"status":"Success",
"message":"Resource Windows Server has been added successfully"
}
}
Note: If you want to add a new resource under Administrator/Password Administrator/Privileged Administrator an additional parameter "OWNERNAME" having the value of that particular user should be added to the resource details. While adding the resource to AD user, the username must be in the format "Domain-Name\\UserName".
INPUT_DATA={ "operation":{ "Details":{ "RESOURCENAME":"Windows Server", "ACCOUNTNAME":"Administrator", "RESOURCETYPE":"Windows", "PASSWORD":"Test@123", "NOTES":"Testing API", "RESOURCEURL":"http://windowsserver/adminconsole", "OWNERNAME":"admin", "RESOURCECUSTOMFIELD":[ { "CUSTOMLABEL":"Secure Resource", "CUSTOMVALUE":"YES" } ], "ACCOUNTCUSTOMFIELD":[ { "CUSTOMLABEL":"Secure Account", "CUSTOMVALUE":"YES" } ] } } }
Note: If you want to add a resource to a static resource group, an additional parameter "RESOURCEGROUPNAME" having the value of that particular resource group should be added to the resource creation input. If the group already exists, this resource will be added to that group; otherwise, a new group with the name specified here will be created.
INPUT_DATA={ "operation":{ "Details":{ "RESOURCENAME":"Windows Server", "ACCOUNTNAME":"Administrator", "RESOURCETYPE":"Windows", "PASSWORD":"Test123#@!", "NOTES":"Testing API", "RESOURCEURL":"http://windowsserver/adminconsole", "RESOURCEGROUPNAME":"Windows Servers", "RESOURCECUSTOMFIELD":[ { "CUSTOMLABEL":"Secure Resource", "CUSTOMVALUE":"YES" } ], "ACCOUNTCUSTOMFIELD":[ { "CUSTOMLABEL":"Secure Account", "CUSTOMVALUE":"YES" } ] } } }
Note: You can also add files as a separate resource in PAM360. To add a file as a new resource, the 'Content-Type' in the request has to be modified as shown in the sample below. Once you have modified, you just have to pass the file along with it.
INPUT_DATA={ "operation":{ "Details":{ "RESOURCENAME":"Active Directory", "ACCOUNTNAME":"Administrator", "RESOURCETYPE":"License Store", "PASSWORD":"Test123#@!", "NOTES":"Testing API", "RESOURCEURL":"http://windowsserver/adminconsole" } } }
Sample Request
curl -X POST -k -H "Content-Type: multipart/form-data" -F 'file=@standalonesample.txt' -F 'INPUT_DATA={"operation":{"Details":{"RESOURCENAME":"Windows erver","ACCOUNTNAME":"Administrator","RESOURCETYPE":"File Store", "PASSWORD":"Test123#@!","NOTES":"Testing API","RESOURCEURL":"http://windowsserver/adminconsole"}}}' 'https://<Host-Name-of-PAM360-Server OR IP-Address>ort>/ restapi/json/v1/resources?AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
(This API works from PAM360 build 7500 and above only)
Note: The following params can be added as resource attributes, such as Session Recording, Record Configured Resource URL, and Disable tab duplication. Also note that these params are available from build 7500 only.
- "RECORD_CONFIGURED_RESOURCE_URL": "false",
- "DISABLE_TAB_DUPLICATION": "false",
- "WEBSITE_SESSION_RECORDING": "false",
- "GATEWAY_SESSION_RECORDING": "false",
INPUT_DATA={\"operation\":{\"Details\":{\"RESOURCENAME\":\"Windows Server\",\"ACCOUNTNAME\":\"Administrator\",\"RESOURCETYPE\":\"Windows\",\"PASSWORD\" :\"Test@123\",\"RESOURCEPASSWORDPOLICY\":\"Strong\",\"RECORD_CONFIGURED_RESOURCE_URL\" : \"false\", \"DISABLE_TAB_DUPLICATION\": \"false\",
\"WEBSITE_SESSION_RECORDING\": \"false\", \"GATEWAY_SESSION_RECORDING\": \"false\", \"RESOURCEDESCRIPTION\" : \"Created for quality assurance\", \"ACCOUNTPASSWORDPOLICY\":\"Strong\",\"RESOURCECUSTOMFIELD\":[{\"CUSTOMLABEL\":\"Secure Resource\",\"CUSTOMVALUE\":\"YES\"}],\"ACCOUNTCUSTOMFIELD\":[{\"CUSTOMLABEL\":\"Secure Account\",\"CUSTOMVALUE\":\"YES\"}]}}}"
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" -H "content-Type: text/json" https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources --data-urlencode "INPUT_DATA={\"operation\":{\"Details\":{\"RESOURCENAME\":\"Windows Server\",\"ACCOUNTNAME\":\"Administrator\",\"RESOURCETYPE\":\"Windows\",\"PASSWORD\" :\"Test@123\",\"RESOURCEPASSWORDPOLICY\":\"Strong\",\"RECORD_CONFIGURED_RESOURCE_URL\" : \"false\", \"DISABLE_TAB_DUPLICATION\": \"false\",
\"WEBSITE_SESSION_RECORDING\": \"false\", \"GATEWAY_SESSION_RECORDING\": \"false\", \"RESOURCEDESCRIPTION\" : \"Created for quality assurance\", \"ACCOUNTPASSWORDPOLICY\":\"Strong\",\"RESOURCECUSTOMFIELD\":[{\"CUSTOMLABEL\":\"Secure Resource\",\"CUSTOMVALUE\":\"YES\"}],\"ACCOUNTCUSTOMFIELD\":[{\"CUSTOMLABEL\":\"Secure Account\",\"CUSTOMVALUE\":\"YES\"}]}}}"
1.3 Get the Resource ID using the Resource Name
Description
To fetch the resource ID, you can provide the resource name alone in the URL.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/resourcename/{RESOURCENAME}
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
GET
Input Data
None
Sample Request
curl -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>"https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/resourcename/test
Sample Output
{"operation":{"name": "GET_RESOURCEID","result":{"status": "Success","message": "Resource ID fetched successfully for the given resource name."},
"Details":{"RESOURCEID": "1"}}
1.4 Delete a Resource in PAM360
Description
To delete a resource for the given resource ID. Resource ID can be obtained from the GET RESOURCES API (explained above).
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/{resourceid}
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
DELETE
Input Data
None
Sample Request
curl -X DELETE -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/2
Sample Output
{ "operation":{ "name":"DELETE RESOURCE" "result":{"status":"Success" "message":"Resources deleted successfully."}
}
1.5 Move Resource to Trash
(This API works from PAM360 build 7500 and above only)
Description
To move a resource owned by the user to trash.
URL
https://<Host-Name-of-PAM360-Server OR IP-address>:<Port>/restapi/json/v1/resources/{resourceid}
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName=<<org display name>>
HTTP Method
DELETE
Input Data
{
"operation": {
"Details": {
"deleteType": "trash"
}
}
}
Sample Output
{
"operation":{
"name":"DELETE RESOURCE"
"result":{"status":"Success"
"message":"Resource moved to trash successfully."}
}
1.6 Restore Resources from Trash
(This API works from PAM360 build 7500 and above only)
Description
To restore the resources owned by the user from the trash in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP-address>:<Port>/restapi/json/v1/trash/restore
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName=<<org display name>>
HTTP Method
PUT
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"type": "resource",
"trashIds":[1,2]
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "Resources restored successfully",
"status": "Success",
"statusCode": 20000
},
"name": "RESTORE"
}
}
1.7 Get the Resource ID and Account ID
Description
To get the resource ID and account ID, you need to pass the resource name and account name in the URL.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/getResourceIdAccountId? RESOURCENAME=(Resourcename)&ACCOUNTNAME=(Account name)
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
GET
Input Data
None
Sample Request
curl -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" "https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/getResourceIdAccountId?RESOURCENAME=MSSQLServer&ACCOUNTNAME=system"
Sample Output
{"operation":{"name":"GET_RESOURCEACCOUNTID","result":{"status":"Success","message":"Resource ID and account ID fetched successfully for the given resource
name and account name." },
"Details":{"RESOURCEID":"303","ACCOUNTID":"307" }
}
}
1.8 Edit Resources
Description
To edit resources in PAM360.
URL
https://severname:port/restapi/json/v1/resources/{RESOURCEID}
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
PUT
Input Data
(Optional inputs are given in grey)
Sample Input
Note: If you want to edit resource type, an additional parameter "RESOURCETYPE" having the value of that particular resource type should be added to the input. While editing 'Resource Type' cannot be changed from Key Store, File Store, License Store, Rackspace, and AWS IAM to other resource types and viceversa.
INPUT_DATA={ "operation" : { "Details": { "RESOURCENAME" : "Test", "LOCATION" : "4th floor", "RESOURCEURL" : "http://test", "RESOURCEPASSWORDPOLICY":"Strong", "DEPARTMENT" : "Test", "RESOURCEDESCRIPTION" : "Created for quality assurance", "RESOURCETYPE" : "Windows", "RESOURCECUSTOMFIELD" : [ { "CUSTOMLABEL" : "Secure Resource", "CUSTOMVALUE" : "YES" } ] } } }
Sample Request
curl -X PUT -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/1 --data-urlencode "INPUT_DATA={\"operation\":{\"Details\":{\"RESOURCENAME\":\"Test\",\"LOCATION\":\"4thfloor\",\"RESOURCEURL\":\"http://test\",\"RESOURCEPASSWORDPOLICY\":\"Strong\",\"DEPARTMENT\": \"Test\", \"RESOURCEDESCRIPTION\" : \"Created for quality assurance\", \"RESOURCECUSTOMFIELD\" : [{\"CUSTOMLABEL\" : \"Secure Resource\", \"CUSTOMVALUE\" : \"YES\" }]}}}"
Input Data
(Applicable from build 7500 and above only)
Note: The following params can be added as resource attributes, such as Session Recording, Record Configured Resource URL, and Disable tab duplication. Also note that these params are available from build 7500 only.
- "RECORD_CONFIGURED_RESOURCE_URL": "false",
- "DISABLE_TAB_DUPLICATION": "false",
- "WEBSITE_SESSION_RECORDING": "false",
- "GATEWAY_SESSION_RECORDING": "false",
INPUT_DATA={ "operation" : { "Details": { "RESOURCENAME" : "Test", "LOCATION" : "4th floor", "RESOURCEURL" : "http://test", "RESOURCEPASSWORDPOLICY":"Strong", "DEPARTMENT" : "Test", "RECORD_CONFIGURED_RESOURCE_URL" : "false", "DISABLE_TAB_DUPLICATION": "false",
"WEBSITE_SESSION_RECORDING": "false", "GATEWAY_SESSION_RECORDING": "false", "RESOURCEDESCRIPTION" : "Created for quality assurance", "RESOURCETYPE" : "Windows", "RESOURCECUSTOMFIELD" : [ { "CUSTOMLABEL" : "Secure Resource", "CUSTOMVALUE" : "YES" } ] } } }
Sample Request
(Applicable from build 7500 and above only)
INPUT_DATA={ "operation" : { "Details": { "RESOURCENAME" : "Test", "LOCATION" : "4th floor", "RESOURCEURL" : "http://test", "RESOURCEPASSWORDPOLICY":"Strong", "DEPARTMENT" : "Test", "RECORD_CONFIGURED_RESOURCE_URL" : "false", "DISABLE_TAB_DUPLICATION": "false",
"WEBSITE_SESSION_RECORDING": "false", "GATEWAY_SESSION_RECORDING": "false", "RESOURCEDESCRIPTION" : "Created for quality assurance", "RESOURCETYPE" : "Windows", "RESOURCECUSTOMFIELD" : [ { "CUSTOMLABEL" : "Secure Resource", "CUSTOMVALUE" : "YES" } ] } } }
Sample Output
{"operation":{ "name":"EDIT RESOURCE", "result":{"status":"Success","message":"Resource Test modified successfully."}}}
1.9 Get License Keys, Files, Digital Certificates, Documents, Images, etc.
Description
To get files, keys, certificates, etc. that are either an individual resource or a part of other resources.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/<Resource ID>/accounts/<Account ID>/downloadfile
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
GET
Input Data
In case the setting at your end demands a reason to be supplied for downloading the file, you need to pass the following details as input. If the ticketing system is enabled, you need to pass ticket ID for validation.
INPUT_DATA={"operation":{
"Details":{
"REASON":"Need the key file to connect the remote host", //optional when reason is forced
"TICKETID":"7", // optional when ticketing system is enabled
"ISCUSTOMFIELD":"true" //optional Need to be given if the file to be downloaded is account/resource additional field file type
"CUSTOMFIELDTYPE":"ACCOUNT / RESOURCE" // optional -If its account additional field it must be ACCOUNT or if its resource
additional field it must be RESOURCE
"CUSTOMFIELDLABEL" : "LicenseFIle" // optional - Name of the resource/account additional field
}
}
}
Sample Request
curl -i -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>"https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/1501/accounts/3601/downloadfile
1.10 Fetch All Associated Remote App IDs
(This API works from PAM360 build 6320 and above only)
Description
To fetch remote app IDs associated with a resource in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/<resource-id>/associated-remote-apps
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
GET
Input Data
None
Sample Output
{
"operation": {
"result": {
"message": "Remote apps associated with the provided resource have been fetched successfully.",
"status": "Success",
"statusCode": 20000
},
"Details": [
{
"name": "sample1",
"id": "1"
},
{
"name": "sample2",
"id": "2"
}
],
"name": "GET_REMOTEAPPS_ASSOCIATED_WITH_RESOURCE",
"totalRows": 2
}
}
1.11 Fetch All Trashed Resources
(This API works from PAM360 build 7500 and above only)
Description
To fetch the owned resources of a user that are trashed in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP-address>:<Port>/restapi/json/v1/trash
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName=<<org display name>>
HTTP Method
GET
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"type": "resource",
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "Trashed resource fetched successfully.",
"status": "Success",
"statusCode": 20000
},
"Details": [
{
"resourceName": "test",
"trashId": 912,
}
],
"name": "GET_TRASH_DETAILS",
"totalRows": 1
}
}
1.12 Configure Remote Password Reset for MS SQL Resources
(This API works from PAM360 build 7500 and above only)
Description
To configure remote password reset for MS SQL resources available in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP-address>:<Port>/restapi/json/v1/resources/configureremotepasswordreset
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName=<<org display name>>
HTTP Method
POST
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"MSSQL_AUTHENTICATION": "mssql_auth|win_auth",
"MSSQL_PORT": "1433",
"WINAUTH_RESOURCE_NAME": "test",
"WINAUTH_ACCOUNT_NAME": "aaa1",
"MSSQL_ACCOUNT": "aaa1",
"CONNECTION_MODE": "SSL|NONSSL",
"RESOURCEIDS": [
"1"
],
"RESOURCETYPE": "MS SQL Server",
"MSSQL_INSTANCE_NAME": "sample"
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "Password reset details configured for the matching resources.",
"status": "Success"
},
"Details": {
"CONFIGURATION RESULT": [
{
"STATUS": "SUCCESS",
"RESOURCENAME": "test",
"RESOURCEID": "1"
}
]
},
"name": "CONFIGURE REMOTE PASSWORD RESET"
}
}
2. Accounts
2.1 Get the Accounts that are Part of a Resource
Description
To get the list of accounts and resource details present in the resource. Resource ID can be obtained from the GET RESOURCES API (explained above).
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/<Resource ID>/accounts
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
GET
Input Data
None
Sample Request
curl -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>"https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/303/accounts
Sample Output
In the output (as shown in the sample below), you will get all the resources owned and shared by the specific API user.
{
"operation": {
"result": {
"message": "Resource details with account list fetched successfully",
"status": "Success"
},
"Details": {
"LOCATION": "",
"RESOURCE DESCRIPTION": "",
"RESOURCE TYPE": "WindowsDomain",
"RESOURCE ID": "2",
"ACCOUNT LIST": [
{
"ACCOUNT_DESCRIPTION": "",
"IS_PRIVATE_KEY_LOGIN_ENABLED": "false",
"ISFAVPASS": "false",
"ACCOUNT ID": "3",
"AUTOLOGONLIST": [
"Windows Remote Desktop",
"RDP Console Session",
"VNC",
"HTTPS Gateway"
],
"ACCOUNT NAME": "Admin",
"PASSWORDREQUEST_REASON_MANDATORY": "true",
"PASSWORD STATUS": "[Request]",
"ISREMOTEAPPONLY": "false",
"ACCOUNT PASSWORD POLICY": "Strong",
"IS_USER_WITH_COMMAND_CONTROL_ROLE": "true",
"AUTOLOGONSTATUS": "One of the resources or landing servers is configured to be connected repeatedly. Check your landing server configuration or contact your administrator.",
"IS_TICKETID_REQD_ACW": "false",
"IS_COMMAND_CONTROL_CONFIGURED": "false",
"PASSWDID": "3",
"IS_TICKETID_REQD_MANDATORY": "false",
"IS_TOTP_CONFIGURED": "false",
"IS_GATEWAY_SESSION_RECORDING_ENABLED": "true",
"IS_WEB_SESSION_RECORDING_ENABLED": "true",
"IS_TICKETID_REQD": "false",
"ISREASONREQUIRED": "false"
},
{
"ACCOUNT_DESCRIPTION": "",
"IS_PRIVATE_KEY_LOGIN_ENABLED": "false",
"ISFAVPASS": "false",
"ACCOUNT ID": "5",
"AUTOLOGONLIST": [
"Windows Remote Desktop",
"RDP Console Session",
"VNC",
"HTTPS Gateway"
],
"ACCOUNT NAME": "user-21",
"PASSWORDREQUEST_REASON_MANDATORY": "true",
"PASSWORD STATUS": "[Check Out]",
"ISREMOTEAPPONLY": "false",
"ACCOUNT PASSWORD POLICY": "Strong",
"IS_USER_WITH_COMMAND_CONTROL_ROLE": "true",
"AUTOLOGONSTATUS": "One of the resources or landing servers is configured to be connected repeatedly. Check your landing server configuration or contact your administrator.",
"IS_TICKETID_REQD_ACW": "false",
"DOMAIN_ACCESS_SELECTED_OPTION": "3",
"IS_COMMAND_CONTROL_CONFIGURED": "false",
"DOMAIN_ACCESS_SELECTED_RESOURCEIDS": [
1,
301,
302
],
"PASSWDID": "5",
"IS_TICKETID_REQD_MANDATORY": "false",
"IS_TOTP_CONFIGURED": "false",
"IS_GATEWAY_SESSION_RECORDING_ENABLED": "true",
"IS_WEB_SESSION_RECORDING_ENABLED": "true",
"IS_TICKETID_REQD": "false",
"ISREASONREQUIRED": "false"
}
],
"DEPARTMENT": "",
"PASSWORDREQUEST_REASON_MANDATORY": "true",
"RESOURCE OWNER": "admin",
"RESOURCE PASSWORD POLICY": "Strong",
"IS_LOCAL_ACCOUNTS_AUTOLOGON_RESTRICTED": "true",
"RESOURCE URL": "https://www.manageengine.com",
"IS_SSH_RESTRICTED": "false",
"NEWSSHTERMINAL": "false",
"IS_TOTP_SUPPORTED": "true",
"DOMAIN NAME": "",
"ALLOWOPENURLINBROWSER": "true",
"RESOURCE NAME": "Domain",
"DNS NAME": "",
"ISRDPRESTRICTED": "true"
},
"name": "get_resourceaccountlist"
}
}
Note: If password access control had been enabled AND If the password status is 'IN USE', you will see the output as [ In use ].
2.2 Get Details of an Account
Description
To get the details of an account that is part of a resource, you need to pass both Resource ID and Account ID to fetch the required details.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/<Resource ID>/accounts/<Account ID>
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
GET
Input Data
None
Sample Request
curl -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>"https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/303/accounts/307
Sample Output
{ "operation":{ "name":"GET RESOURCE ACCOUNT DETAILS", result":{ status":"Success", message":"Account details fetched successfully" }, "Details":{ "DESCRIPTION":"", "LAST ACCESSED TIME":"N/A", "LAST MODIFIED TIME":"Sep 10, 2013 3:33 PM", "PASSWORD STATUS":"*****", "PASSWDID":"307", "CUSTOM FIELD":[ { "CUSTOMFIELDVALUE": "56455567", "CUSTOMFIELDTYPE":"Numeric", "CUSTOMFIELDLABEL":"Account LIC Number", "CUSTOMFIELDCOLUMNNAME":"COLUMN_LONG1" }, { "CUSTOMFIELDVALUE": "Sep 10, 2013", "CUSTOMFIELDTYPE":"Date", "CUSTOMFIELDLABEL":"Acc creation date", "CUSTOMFIELDCOLUMNNAME":"COLUMN_DATE1" }, { "CUSTOMFIELDVALUE": "Test12345", "CUSTOMFIELDTYPE":"Password", "CUSTOMFIELDLABEL":"Secondary Password", "CUSTOMFIELDCOLUMNNAME":"COLUMN_SCHAR1" }, { "CUSTOMFIELDVALUE": "YES", "CUSTOMFIELDTYPE":"Character", "CUSTOMFIELDLABEL":"Secure Account", "CUSTOMFIELDCOLUMNNAME":"COLUMN_CHAR1" } ] } } }
2.3 Delete an Account under a Specific Resource
Description
To delete an account under a specific resource.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/<Resource ID>/accounts/<Account ID>
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName=<<org display name>>
HTTP Method
DELETE
Sample Request
curl -X DELETE -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" -H "Content-Type: text/json" https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/1/accounts/1
Sample Output
{ "operation":{
"name":"DELETE ACCOUNT",
"result":{"status":"Success","message":"Account Test123 deleted successfully."}}}
2.4 Create Accounts under a Specific Resource
Description
To create multiple accounts that are associated with a specific resource ID.
Input Data
You need to pass input data such as account list, name of the accounts, passwords, description.
The params RECORD_RDP_SESSIONS, RECORD_CLI_SESSIONS, DISABLE_PASSWORD_RESETS, CONFIGURE_PASSWORD_RESET, ACCOUNT_RESOURCE_GROUP_IDS, IIS_WEB_CONFIG_RESET, IIS_APP_POOL_RESTART, IIS_APP_POOL_RESET, SERVICES_RESTART, SERVICES_RESET and SCHEDULED_TASK_RESET are available from build 6000 and above only, and the params GATEWAY_SESSION_RECORDING and WEBSITE_SESSION_RECORDING are available from build 7400 and above only.
INPUT_DATA={
"operation":{
"Details":{
"ACCOUNTLIST": [
{
"ACCOUNTNAME":"bestest013",
"PASSWORD":"Pa$$Word@124",
"ACCOUNTPASSWORDPOLICY":"Strong",
"RECORD_RDP_SESSIONS":true,
"RECORD_CLI_SESSIONS":true,
"DISABLE_PASSWORD_RESETS":true,
"CONFIGURE_PASSWORD_RESET":true,
"ACCOUNT_RESOURCE_GROUP_IDS":["3002","3003"],
"IIS_WEB_CONFIG_RESET":true,
"IIS_APP_POOL_RESTART":true,
"IIS_APP_POOL_RESET":true,
"SERVICES_RESTART":true,
"SERVICES_RESET":true,
"SCHEDULED_TASK_RESET":true,
"NOTES":"IT Security - BES PAM API Test"
},
{
"ACCOUNTNAME":"bestest113",
"PASSWORD":"Pa$$Word@123",
"ACCOUNTPASSWORDPOLICY":"Strong",
"RECORD_RDP_SESSIONS":true,
"RECORD_CLI_SESSIONS":true,
"DISABLE_PASSWORD_RESETS":true,
"CONFIGURE_PASSWORD_RESET":true,
"ACCOUNT_RESOURCE_GROUP_IDS":["3002","3003"],
"IIS_WEB_CONFIG_RESET":true,
"IIS_APP_POOL_RESTART":true,
"IIS_APP_POOL_RESET":true,
"SERVICES_RESTART":true,
"SERVICES_RESET":true,
"SCHEDULED_TASK_RESET":true,
"NOTES":"IT Security - BES PAM API Test"
"GATEWAY_SESSION_RECORDING": "true",
"WEBSITE_SESSION_RECORDING": "true"
} ] } } }
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/<Resource ID>/accounts
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" -H "Content-Type: text/json" https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/1/accounts --data-urlencode "INPUT_DATA={\"operation\":{ \"Details\":{ \"ACCOUNTLIST\": [{ \"ACCOUNTNAME\": \"bestest047\",\"PASSWORD\":\"Pa$$Word@123\",\"ACCOUNTPASSWORDPOLICY\":\"Strong\",\"NOTES\":\"IT Security - BES PAM360 API Test\"},{\"ACCOUNTNAME\":\"bestest048\", \"PASSWORD\":\"Pa$$Word@123\",\"ACCOUNTPASSWORDPOLICY\":\"Strong\",\"NOTES\":\"IT Security - BES PAM360 API Test\"}]}}}"
Sample Output
{"operation":
{"name":"ADD ACCOUNTS","result":
{"status":"Success","message":"Account added successfully"},
"Details":[
{"bestest047":{"STATUS":"Account added successfully"},
"bestest048":{"STATUS":"Account added successfully"}}]}}
2.5 Edit an Account under a Specific Resource
Description
To edit an account under a specific resource.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/<Resource ID>/accounts/<Account ID>
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName=<<org display name>>
HTTP Method
PUT
Sample Input
The params RECORD_RDP_SESSIONS, RECORD_CLI_SESSIONS, DISABLE_PASSWORD_RESETS, CONFIGURE_PASSWORD_RESET, ACCOUNT_RESOURCE_GROUP_IDS, IIS_WEB_CONFIG_RESET, IIS_APP_POOL_RESTART, IIS_APP_POOL_RESET, SERVICES_RESTART, SERVICES_RESET and SCHEDULED_TASK_RESET are available from build 6000 and above only, and the params GATEWAY_SESSION_RECORDING and WEBSITE_SESSION_RECORDING are available from build 7400 and above only.
INPUT_DATA=
{
"operation":{
"Details":{
"ACCOUNTNAME":"bestest013",
"ACCOUNTPASSWORDPOLICY":"Strong",
"RECORD_RDP_SESSIONS":true,
"RECORD_CLI_SESSIONS":true,
"DISABLE_PASSWORD_RESETS":true,
"CONFIGURE_PASSWORD_RESET":true,
"ACCOUNT_RESOURCE_GROUP_IDS":["3002","3003"],
"IIS_WEB_CONFIG_RESET":true,
"IIS_APP_POOL_RESTART":true,
"IIS_APP_POOL_RESET":true,
"SERVICES_RESTART":true,
"SERVICES_RESET":true,
"SCHEDULED_TASK_RESET":true,
"NOTES":"IT Security - BES PAM API Test"
"GATEWAY_SESSION_RECORDING": "true",
"WEBSITE_SESSION_RECORDING": "true"
}} }
Sample Request
curl -X PUT -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" -H "Content-Type: text/json" https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/1/accounts/1 --data-urlencode "INPUT_DATA={\"operation\":{ \"Details\":{\"ACCOUNTNAME\" : \"Test account\",\"ACCOUNTPASSWORDPOLICY\":\"Strong\",\"NOTES\":\"Created for quality assurance\", \"ACCOUNTCUSTOMFIELD\" : [{\"CUSTOMLABEL\" : \"Secure Account\", \"CUSTOMVALUE\" : \"YES\"}]}}}"
Sample Output
{"operation":{ "name":"EDIT ACCOUNT", "result":{"status":"Success","message":"Account Test account modified successfully"}}}
2.6 Move Account to Trash
(This API works from PAM360 build 7500 and above only)
Description
To move the account owned by the user to trash in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP-address>:<Port>/restapi/json/v1/resources/{resourceid}/accounts/{accountid}
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName=<<org display name>>
HTTP Method
DELETE
Input Data
{
"operation": {
"Details": {
"deleteType": "trash"
}
}
}
Sample Output
{
"operation":{
"name":"DELETE ACCOUNT"
"result":{"status":"Success"
"message":"Account moved to trash successfully."}
}
2.7 Restore Accounts from Trash
(This API works from PAM360 build 7500 and above only)
Description
To restore the accounts owned by the user from the trash in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP-address>:<Port>/restapi/json/v1/trash/restore
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName=<<org display name>>
HTTP Method
PUT
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"type": "account"
"trashIds": [1,2]
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "Accounts restored successfully",
"status": "Success",
"statusCode": 20000
},
"name": "RESTORE"
}
}
2.8 Fetch All Trashed Accounts
(This API works from PAM360 build 7500 and above only)
Description
To fetch the owned accounts of a user that are trashed in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP-address>:<Port>/restapi/json/v1/trash
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName=<<org display name>>
HTTP Method
GET
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"type": "account",
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "Trashed account fetched successfully.",
"status": "Success",
"statusCode": 20000
},
"Details": [
{
"resourceName": "Windows Server",
"accountName": "test",
"trashId": 909
}
],
"name": "GET_TRASH_DETAILS",
"totalRows": 1
}
}
3. Passwords
3.1 Get the Password of an Account that is Part of a Resource
Description
To get the password of an account that is part of a resource, you need to pass both Resource ID and Account ID to fetch the required details.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/<Resource ID>/accounts/<Account ID>/password
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
GET
Input Data
In case the setting at your end demands a reason to be supplied for retrieving a password, you need to pass the following details as input. If the ticketing system is enabled, you need to pass ticket ID for validation.
INPUT_DATA={"operation":{"Details":{"REASON":"Need the password to Login Windows Server","TICKETID":"7"}}}
Sample Request
curl -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>"https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/303/accounts/307/password
curl -X GET -k -H "Content-Type: text/json" -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/2/accounts/2/password --data-urlencode INPUT_DATA={"operation":{"Details":{"REASON":"Need the password to Login Windows Server"}}}
Sample Output
{
"operation":{
"name":"GET PASSWORD",
"result":{
"status": "Success",
"message":"Password fetched successfully" },
"Details":{
"PASSWORD":"fqxdB7ded@4" }
}
}
Note: If there occurs any problem on retrieving password, the reason will be displayed as part of message.
3.2 Change the Password of an Account
Description
To change the password of an account that is part of a resource, you need to pass both Resource ID and Account ID to fetch the required details. If the ticketing system is enabled, you need to pass ticket ID for validation.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/<Resource ID>/accounts/<Account ID>/password
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
PUT
Input Data
You need to pass input data such as new password, reset type and reason. Reset type should be either LOCAL or REMOTE.
INPUT_DATA={
"operation":{
"Details":{
"NEWPASSWORD":"Test@12345$",
"RESETTYPE":"LOCAL",
"REASON":"Password Expired",
"TICKETID":"7"
}
}
}
Sample Request
curl -X PUT -k -H "AUTHTOKEN<<Authtoken_generated_from_PAM360>>" https:/<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/2/accounts/2/password --data-urlencode INPUT_DATA={"operation":{"Details":{"NEWPASSWORD":"Test12345$","RESETTYPE":"LOCAL","REASON":"test","TICKETID":"7"}}}
Sample Output
{"operation":{"name":"CHANGE PASSWORD","result":{"status":"Success","message":"Password changed successfully" }
}
}
Note: If there occurs any problem on changing password, the reason will be displayed as part of message.
3.3 Generate Password
Description
Method to generate passwords using existing policies in PAM360.
URL
https:// <Host-Name-of-PAM360-Server OR IP-Address> :<Port>/restapi/json/v1/passwords/generate
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
GET
Input Data
INPUT_DATA={ "operation" : { "Details" : { "POLICY" : "Strong"}}}
Sample Output
{
"operation": {
"name": "GENERATE PASSWORD",
"result": {
"status": "Success",
"message": "Password generated successfully." },
"Details": {
"PASSWORD": "u%mdh7gfN" }
}
}
3.4 Configure Remote Password Reset for Linux Resources
(This API works from PAM360 build 5100 and above only)
Description
To configure remote password reset for Linux resources
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/configureremotepasswordreset
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Input Data
INPUT_DATA={"operation": { "Details": { "REMOTEMODE":"ssh|telnet", // Default value - ssh "LINUX_SSHTELNETPORT":"22", "LINUX_USERPROMPT":"$", "LINUX_LANDINGSERVER":"test", "RESOURCEIDENTIFIER":"linux | others", // Default value - linux "WDRESOURCEID":"1", "WDACCOUNTID":"1", "REMOTELOGINACCOUNT":"test", "AUTHENTICATION":"passauth | keyauth", // Default value -passauth "ELEVATIONTYPE":"su | sudo", // Default value - sudo "ROOTACCOUNT":"root", "LINUXROOTUSERPROMPT":"#", "RESOURCEIDS":["301","302","601"], "RESOURCETYPE":"Linux", "REMOVEENTER":"true | false" // Default value - false}}}
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/configureremotepasswordreset
Sample Response
{"operation":{ "result":{ "message": "Password reset details configured for the matching resources.", "status": "Success"}, "Details":{ "CONFIGURATION RESULT":[{ "STATUS": "SUCCESS", "RESOURCENAME": "pam360-os1.win.domain.com", "RESOURCEID": "3"},{ "STATUS": "SUCCESS", "RESOURCENAME": "DC-u16.lin.domain.com", "RESOURCEID": "4"}]}, "name": "CONFIGURE REMOTE PASSWORD RESET"}}
3.5 Password Validator
(This API works from PAM360 build 6000 and above only)
Description
To validate the given password based on password policy.
URL
https://<Host-Name-of-PAM360-Server OR IPddress>:<Port>/restapi/json/v1/passwords/validate
Headers
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
POST
Sample Input
INPUT_DATA={
"operation":{
"details":{
"password": "Test@123",
// Either passwordPolicy or passwordPolicyId should be given
"passwordPolicy": "Strong",
"passwordPolicyId":"1"
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "Valid",
"status": "Success",
"statusCode": 20000
},
"name": "VALIDATE_PASSWORD"
}
}
3.6 Reset Passwords Accessed by User
(This API works from PAM360 build 7500 and above only)
Description
To reset all the passwords that are owned by a user and those shared with them in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP-address>:<Port>/restapi/json/v1/user/<UserId>/resetOwnedAndSharedPasswords
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName=<<org display name>>
HTTP Method
POST
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"emailIdsToNotify": [admin@admin.com,guest@guest.com]
}
}
}
Sample Output
{
"operation":{
"result":{
"message":"Reset triggered for all owned and shared passwords. Consolidated results will be sent through email.",
"status":"Success",
"statusCode":20000
},
"name":"RESET_OWNED_AND_SHARED_PASSWORDS"
}
}
}
4. Users
4.1 Create a User Account
Description
To add a new user to PAM360. This API allows you to create users without any obligatory enforcement of a password.
URL
https:// <Host-Name-of-PAM360-Server OR IP-Address> :<Port>/restapi/json/v1/user
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
POST
Input Data
INPUT_DATA={"operation": {"Details":{"USERNAME":"jason1", "FIRSTNAME":"Jason","LASTNAME":"J","FULLNAME":"JasonThomas","EMAIL":"jason@opmanager.com","POLICY":"Strong","ROLE":"Password User","ISSUPERADMIN":"true|false","PASSWORD":"Test@123","DEPARTMENT":"NOC","LOCATION":"Level 10 - South Wing","ISAPIUSER":"false","HOSTNAME":"admin-2100","EXPIRYDATE":"yyyy-mm-dd|NeverExpires"}}}
Input Data
(Applicable from build 6700 and above only)
Notes:
1. User accounts can be created with the following access as required: Web Access, REST and Application Access or REST API only access depending upon the requirements.
2. Utilizing the ISAPIUSER parameter enables the creation of an exclusive REST API user.
INPUT_DATA=
{
"operation":{
"Details":{
//User Details
"FIRSTNAME":"Jason",
"LASTNAME":"J",
"USERNAME":"Jason",
"EMAIL":"jason@opmanager.com",
"ROLE":"administrator",
"DEPARTMENT":"NOC",
"LOCATION":"Level 10 - South Wing",
"ISSUPERADMIN":false,
//Web Access - To provide the user with PAM360 web access
"WEBACCESS":true,
"POLICY":"Strong",
"PASSWORD":"Test@123",
"ENABLEMOBILEACCESS":true,
"ENABLEADDONACCESS":true,
"REMOTECONNECTACCESS":true,
"REMOTECONNECTVIASSHPROXY":false,
"LANGUAGECODE":"english",
"ENABLETWOFACTOR":true,
"RSAUSERNAME":"Jason",
"RADIUSUSERNAME":"Jason",
"PHONEFACTOR_USERNAME":"Jason",
"DUOUSERNAME":"Jason",
"PRIMARYCONTACT":"Mobile",
"MOBILE_COUNTRYCODE":"91",
"MOBILE":"9876543210",
"LANDLINE":"12312311",
"LANDLINE_COUNTRYCODE":"355",
"LANDLINE_EXT":"907",
//REST and Application Access - To provide the user with REST and/or SDK access
"RESTAPIACCESS":true,
"SDKACCESS":true,
"ISAPIUSER":true,//To create strict REST API user
"OWNERNAMEOPTION":false,
"EXPIRYDATE":"2024-10-30",
"HOSTCHECK":true,
"HOSTNAME":"john-1234"
}
}
}
Sample Output
{
"operation":{
"result": {
"message": "User Created Successfully.",
"status": "Success",
},
"Details": {
"USERID": "302"
},
"name": "CREATE_USER"
}
}
4.2 Edit a User Account
(This API is applicable from build 6700 and above only)
Description
To edit a user account.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user/{userid}
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName=<<org diaplay name>>
HTTP Method
PUT
Input Data
{
"operation": {
"Details": {
"FIRSTNAME": "Jason",
"LASTNAME": "J",
"EMAIL": "jason@opmanager.com",
"POLICY": "Strong",
"ROLE": "Password User",
"ISSUPERADMIN":false,
"DEPARTMENT": "NOC",
"LOCATION": "Level 10 - South Wing",
"WEBACCESS":true,
"ENABLEMOBILEACCESS": false,
"ENABLEADDONACCESS": false,
"REMOTECONNECTACCESS":true,
"REMOTECONNECTVIASSHPROXY":false,
"LANGUAGECODE": "English",
"ENABLETWOFACTOR": false,
"RADIUSUSERNAME": "Jackson",
"RSAUSERNAME": "Jackson",
"PHONEFACTOR": "Jackson",
"DUOUSERNAME": "Jackson",
"PRIMARYCONTACT": "Mobile",
"MOBILE_COUNTRYCODE": "91",
"MOBILE":"9876543210",
"LANDLINE": "12312311",
"LANDLINE_COUNTRYCODE": "355",
"LANDLINE_EXT": "907",
"RESTAPIACCESS": true,
"SDKACCESS":true,
"ISAPIUSER":true,
"EXPIRYDATE": "yyyy-mm-dd",
"OWNERNAMEOPTION": true,
"HOSTCHECK":true,
"HOSTNAME":"john-1234"
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "User edited successfully.",
"status": "true"
},
"Details": {},
"name": "EDIT_USER"
}
}
4.3 Delete a User
Description
Method to delete a specific user.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user/{userid}
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
DELETE
Sample Request
curl -X DELETE -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" -H "Content-Type: text/json" https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user/307
Sample Output
{"operation":{"name":"DELETE USER","result":{"status":"Success","message":"User Michael deleted Successfully"} } }
4.4 Create an API User
Description
Method to create an API user.
URL
https:// <Host-Name-of-PAM360-Server OR IP-Address> :<Port>/restapi/json/v1/user
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Input Data
INPUT_DATA={"operation":{"Details":{"USERNAME":"jason","FULLNAME":"Jason
Thomas","EMAIL":"jason@opmanager.com","POLICY":"Strong","ROLE":"Password
User","ISSUPERADMIN":"true|false","DEPARTMENT":"NOC","LOCATION":"Level 10 - South
Wing","ISAPIUSER":"true","HOSTNAME":"admin-2100","EXPIRYDATE":"yyyy-mm-dd|NeverExpires"}}}
Sample Output
{"operation":{"name":"CREATE_USER","result":{"status":"Success","message":"SUCCESS"},
"Details":{"AUTHTOKEN":"7DxxxAB-CAxxB-44xx5-8xx9-9317xxxxxEF0"}}}
4.5 Get the ID of a User
Description
To get the ID of a user by passing their username.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user/getUserId
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
GET
Input Data
None
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user/getUserId?USERNAME=user1
Sample Response
{ "operation": { "name":"get_USERID", "result": { "status":"Success","message":"User Id for the specified username have been
fetched successfully"},"Details":{"USERID":"1"}}}
4.6 Import a User from Active Directory or Microsoft Entra ID
(This API works from PAM360 build 7000 and above only)
Description
To import a user from Active Directory or Microsoft Entra ID into PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/directories/users/import
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
POST
Input Data
INPUT_DATA= { "operation": { "Details": { "directoryCode": "0", "domainName": "PAM.AD.DOMAIN.COM", "userName": "admin" "groupNames": ["Administrator", "Backup Operators", ... ] "role": "Password User", "languageCode": "en", "enableTwoFactorAuthentication": true } } }
Notes:
- If the group name contains special characters, ensure that the escape character (\) is added before each special character.
- Language codes: en - English, zh - Chinese, ja - Japanese, de - German, es - Spanish, fr - French, pl - Polish, tr - Turkish, zh_tw - Chinese (Traditional), pt - Portuguese, nl - Dutch, it - Italian, ru - Russian, iw - Hebrew.
- Directory codes: Enter 0 for Active Directory and 1 for EntraID.
- The directory code, domain name, and username are mandatory fields, whereas the group name, role, language and TFA are optional fields.
- If preferences for role, language and TFA are not specified in the input data, default options will be used.
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/directories/users/import --data-urlencode "INPUT_DATA={\"operation\":{\"Details\":{\"directoryCode\":\"0\", \"userName\": \"<<Username_In_Respective_Directory>>\", domainName: \"<<Registered_Domain_Name_In_PAM360>>\", \"groupNames\":[\"<<PAM360_Group_Name>>\"], \"role\":\"password user\", \"languageCode\":\"en\", \"enableTwoFactorAuthentication\": \"false\"}}}"
Sample Response
{ "operation": { "result": { "message": "The specified user has been imported successfully and added to the following groups: Administrator, Backup Operators.", "status": "Success", "statusCode": 20000 }, "details": { "userId": 1 } "name": "IMPORT_USER" } }
- While importing a user, if a specified group does not already exist within PAM360, the user will be imported, but the user group will not be created. Any attempt to add a user to that non-existent group will be disregarded.
- Exercise caution while entering the domain name and username, as during the Entra ID import process, the username (LoginName) is combined with the domainName. For example, if the username is "admin" and the domainName is "microsoft.com", the resulting appended value becomes "admin@microsoft.com".
4.7 Delete a User with their Username
Description
To delete a user by passing their username.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user?USERNAME=(username)
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
DELETE
Input Data
None
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user?USERNAME=admin1
Sample Response
{"operation":{"name":"DELETE USER","result":{"status":"Success","message":"User admin1 deleted successfully"}}}
4.8 Add a User to a User Group
Description
To add a user to a user group by passing their username and the user group to which they should be added.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user/addUserToUserGroup?USERNAME=(username)&USERGROUPNAME=(usergroupname)
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
POST
Input Data
None
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user/addUserToUserGroup?USERNAME=admin1&USERGROUPNAME=TestGroup
Sample Response
{"operation":{"name":"ADD USER TO USERGROUP","result":{"status":"Success","message":"User admin1 added to User Group TestGroup successfully"},"Details":{"USERGROUPID":"2"}}}
4.9 Lock a User
Description
To lock a user by passing their username.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user/lock?USERNAME=(username)
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
PUT
Input Data
None
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user/lock?USERNAME=apiuser
Sample Response
{"operation":{"name":"LOCK USER","result":{"status":"Success","message":"User account apiuser locked successfully."}}}
4.10 Unlock a User
Description
To unlock a user by passing their username.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user/unlock?USERNAME=(username)
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
PUT
Input Data
None
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user/unlock?USERNAME=apiuser
Sample Response
{"operation":{"name":"UNLOCK USER","result":{"status":"Success","message":"User account apiuser unlocked successfully. "}}}
4.11 Fetch All Users
(This API works from PAM360 build 6320 and above only)
Description
To fetch all users details.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
GET
Note: The default limit, 100, will be applied if the "limit" is not specified.
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"limit": 3,
"startIndex": 1,
"searchValue": "admin@zohocorp.com",
"searchColumn": "userId|userName|email|role|department|location|orgName|isApiUser|isTfaEnabled|isSuperAdmin|isUserLocked",
"searchOperator": "contains|doesNotContain|equals|notEquals|startsWith|endsWith"
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "User(s)' details have been fetched successfully.",
"status": "Success",
"statusCode": 20000
},
"Details": [
{
"role": "Privileged Administrator",
"isApiUser": false,
"isSuperAdmin": false,
"userName": "admin",
"isTfaEnabled": false,
"userId": 1,
"isAddonAccessEnabled": true,
"isUserLocked": false,
"dateCreated": "2023-06-15 11:27:21.11",
"trustScore": "66",
"location": "",
"department": "",
"isMobileAccessEnabled": true,
"email": "aaaadmin@zohocorp.com"
"hostName": "N/A",
"isWebAccessEnabled": true,
"authtokenAccessValidity": "N/A",
isHostNameValidationEnabled": false,
},
{
"role": "Password User",
"isApiUser": false,
"isSuperAdmin": false,
"userName": "guest",
"isTfaEnabled": false,
"userId": 2,
"isAddonAccessEnabled": true,
"isUserLocked": false,
"dateCreated": "2023-06-15 11:27:21.11",
"trustScore": "N/A",
"location": "",
"department": "",
"isMobileAccessEnabled": true,
"email": "guest@zohocorp.com"
"hostName": "N/A",
"isWebAccessEnabled": true,
"authtokenAccessValidity": "N/A",
isHostNameValidationEnabled": false,
},
{
"role": "Administrator",
"isApiUser": true,
"isSuperAdmin": false,
"userName": "apiAdmin",
"isTfaEnabled": false,
"userId": 301,
"isAddonAccessEnabled": false,
"isUserLocked": false,
"dateCreated": "2023-06-15 11:37:50.345",
"trustScore": "N/A",
"location": "",
"department": "",
"isMobileAccessEnabled": false,
"email": "user1@zohocorp.com"
"hostName": "admin-2100",
"isWebAccessEnabled": true,
"authtokenAccessValidity": "2024-10-02 00:00:00.0",
isHostNameValidationEnabled": true,
}
],
"name": "GET_USER(S)",
"totalRows": 3
}
}
4.12 Remove User from User Group
(This API works from PAM360 build 6000 and above only)
Description
To remove a user from a user group in a specific organization.
URL
https://<Host-Name-of-PAM360-Server OR IPddress>:<Port>/restapi/json/v1/user/removeUserFromUserGroup
Headers
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
POST
Sample Input
INPUT_DATA={
"operation":{
"Details":{
"USERIDS":[1,2],
"USERGROUPIDS":[2,3]
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "Users removed from User Group Successfully",
"status": "Success"
},
"Details": {
"RESULT": [
{
"USERID": "1",
"message": "User Removed Successfully",
"USERGROUPID": "2",
"status": "Success"
},
{
"USERID": "1",
"message": "User does not exist in the User Group",
"USERGROUPID": "3",
"status": "Failed"
},
{
"USERID": "2",
"message": "User does not exist in the User Group",
"USERGROUPID": "2",
"status": "Failed"
},
{
"USERID": "2",
"message": "User Removed Successfully",
"USERGROUPID": "3",
"status": "Success"
}
]
},
"name": "REMOVE USER FROM USER_GROUP"
}
}
4.13 Regenerate Authentication Token
(This API works from PAM360 build 6700 and above only)
Description
To regenerate the authentication token of the user.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user/regenerateAuthtoken
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
PUT
Input Data
None
Sample Output
{
"operation": {
"result": {
"message": "Authtoken regenerated successfully.",
"status": "true",
"statusCode": 20000
},
"Details": {
"AUTHTOKEN": "37F5E238-7E33-4F59-87AE-FDFEF82D1AE0"
},
"name": "REGENERATE_AUTHTOKEN"
}
}
4.14 Transfer User Accountabilities
(This API works from PAM360 build 7200 and above only)
Description
To transfer the assets and responsibilities owned by a user to another PAM360 user.
URL
https://<Host-Name-of-PAM-Server OR IP-Address>:<Port>/restapi/json/v1/user/transferUserAccountabilities
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName=<Organization-Display-Name>
HTTP Method
POST
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"oldUserId": 309,
"newUserId": 582,
}
}
}
Sample Output
{
"operation":{
"result":{
"message": "The following accountabilities were transferred from admin-11h to admin-11k: Owned Resources, Resource Groups, SSH Keys and SSL Certificates, Scheduled Tasks, Access Control Privileges, Access Policies, ME Integration, Notifications, MSP Organization Permissions and Password Reset Capabilities.",
"status": "Success",
"statusCode": 20000
},
"name": "TRANSFER_USER_ACCOUNTABILITIES"
}
}
5 User Groups
5.1 Fetch UserGroupID
(This API works from PAM360 build 5100 and above only)
Description
To fetch the UserGroupID of a user group
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user/getUserGroupId?USERGROUPNAME=<usergroupname>
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
GET
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user/getUserGroupId?USERGROUPNAME=<usergroupname>
Sample Response
{"operation":{"name":"GET_USERGROUPID","result":{"status":"Success","message":"Usergroup Id for the specified usergroup name have been fetched successfully. "},"Details":{"USERGROUPID":"1"}}}
5.2 Delete User Group
(This API works from PAM360 build 6000 and above only)
Description
To delete user groups from a specific organization.
URL
https://<Host-Name-of-PAM360-Server OR IPddress>:<Port>/restapi/json/v1/userGroup
Headers
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
DELETE
Sample Input
INPUT_DATA={
"operation": {
"details": {
"userGroupIds": [1231,24553]
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "User group(s) has been deleted successfully.",
"status": "Success",
"statusCode": 20000
},
"Details": {
"1231": {
"message": "Invalid User group Id.",
"status": "Failed",
"statusCode": 46000
},
"24553": {
"message": "User group(s) has been deleted successfully.",
"status": "Success",
"statusCode": 20000
}
},
"name": "DELETE_USERGROUP"
}
}
5.3 Fetch All User Groups
(This API works from PAM360 build 6320 and above only)
Description
To fetch all the user groups.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/userGroup
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
GET
Note: The default limit, 100, will be applied if the "limit" is not specified.
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"limit": 3,
"startIndex": 1,
"searchValue": "sample",
"searchColumn": "userGroupId|userGroupName|description",
"searchOperator": "contains|doesNotContain|equals|notEquals|startsWith|endsWith"
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "User group(s)' details have been fetched successfully.",
"status": "Success",
"statusCode": 20000
},
"Details": [
{
"userGroupName": "Sample",
"userGroupId": 301,
"dateCreated": "2023-06-01 12:48:35.862",
"description": "For sample purpose"
}
],
"operationName": "GET_USERGROUP(S)",
"totalRows": 1
}
}
6. Resource Groups
6.1 Create Static and Dynamic Resource Groups
Description
To create both static and dynamic resource groups in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resourcegroup
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Input Data
The following data must be passed as input to create a static resource group:
INPUT_DATA={
"operation": {
"Details": {
"GROUPNAME": "CG1",
"DESCRIPTION": "description",
"PARENTGROUPID": 306,
"GROUPTYPE":"STATIC",
"POLICY": "Low",
"NoHelpDeskRetrieval": "false"
}}}
The following data must be passed as input to create a dynamic resource group:
Note: While specifying criteria for the dynamic resource group, you can make use of the default condition attributes and search operators provided below.
Condition Attributes: RESOURCENAME, IPADDRESS, OPERATINGSYSTEM, RESOURCEDESC, DEPARTMENT, LOCATION, and DOMAINNAME.
Search Operators: CONTAINS, NOT_CONTAINS, EQUAL, NOT_EQUAL, STARTS_WITH, and ENDS_WITH.
INPUT_DATA={
"operation": {
"Details": {
"GROUPNAME": "CG3",
"DESCRIPTION": "description",
"PARENTGROUPID": 3002,
"POLICY": "Low",
"NoHelpDeskRetrieval": "false",
"GROUPTYPE":"DYNAMIC",
"andor": "and",
"NoOfCriteria": 2,
"condition_1": "RESOURCENAME",
"operator_1": "CONTAINS",
"valuefield_1": "a",
"condition_2": "Custom",
"operator_2": "CONTAINS",
"valuefield_2": "e",
"customType_2"="account"
}}}
Input Data
(Applicable from build 7200 and above only)
INPUT_DATA={
"operation": {
"Details": {
"GROUPNAME": "Advance dynamic group",
"DESCRIPTION": "description",
"PARENTGROUPID": 301,
"POLICY": "Low",
"NoHelpDeskRetrieval": "false",
"GROUPTYPE":"DYNAMIC",
"CRITERIAEXPRESSION": "( C1 AND C2 ) OR ( C3 AND C4 )",
"NoOfCriteria": 4,
//Condition 1 (C1)
"condition_1": "DEPARTMENT",
"operator_1": "CONTAINS",
"valuefield_1": "Marketing",
//Condition 2 (C2)
"condition_2": "OPERATINGSYSTEM",
"operator_2": "CONTAINS",
"valuefield_2": "Windows",
//Condition 3 (C3)
"condition_3": "DEPARTMENT",
"operator_3": "CONTAINS",
"valuefield_3": "Development",
//Condition 4 (C4)
"condition_4": "OPERATINGSYSTEM",
"operator_4": "CONTAINS",
"valuefield_4": "Linux"
}}}
Note: From build 7200 onwards, the conditions specified in the criteria should use either AND or OR logic, excluding subsets.
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" -H "Content-Type: text/json" https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resourcegroup --data-urlencode "INPUT_DATA={\"operation\": {\"Details\": {\"critgroup\": \"CG1\",\"critdesc\": \"description about CG1\",\"RuleCriteria\": \"Low\",\"NoHelpDeskRetrieval\": \"false\",\"andor\": \"and\",\"NoOfCriteria\": 2,\"condition_1\": \"RESOURCENAME\",\"operator_1\": \"CONTAINS\",\"valuefield_1\": \"win\",\"condition_2\": \"LOGINNAME\",\"operator_2\":\"CONTAINS\",\"valuefield_2\": \"PAM360\"} } }"
Sample Output
{ "operation": { "name":"CREATE RESOURCE GROUP", "result": { "status":"Success", "message":"Group CG1 has been added successfully."} } }
6.2 Associate a Resource to a Resource Group
(This API works from PAM360 build 5400 and above only)
Description
To associate a resource to a resource group.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resourcegroup/<groupId>/associateResources
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
POST
Input Data
INPUT_DATA={ "operation": {"Details": { RESOURCEIDS:[1, 2] }}}
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resourcegroup/<groupId>/associateResources
Sample Response
{ "operation": { "result": { "message":"Resource added to group successfully.","status":"Success"}, "Details": { "1": { "status":"Success"}, "2":{ "status":"Success" }}, "name":"ASSOCIATE RESOURCES" }}
6.3 Dissociate a Resource from a Resource Group
(This API works from PAM360 build 5400 and above only)
Description
To dissociate a resource from a resource group.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resourcegroup/<groupId>/disassociateResources
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
POST
Input Data
INPUT_DATA={ "operation": {"Details": { RESOURCEIDS:[1, 2] }}}
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resourcegroup/<groupId>/disassociateResources
Sample Response
{ "operation": { "result": { "message":"Resource removed from group successfully.","status":"Success" }, "Details":{ "1":{ "status":"Success"}," 2":{ "status":"Success" }}, "name":"DISASSOCIATE RESOURCES" }}
6.4 Fetch Resource Groups Associated to a Resource
(This API works from PAM360 build 5400 and above only)
Description
To fetch resource groups that are associated to a resource.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/<ResourceId>/associatedGroups
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
GET
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/<ResourceId>/associatedGroups
Sample Response
{ "operation": { "result":{ "message":"Associated groups fetched successfully","status":"Success"}, "Details":{ "ASSOCIATED GROUPS":[{ "GROUP ID":301,"GROUP NAME":"Default Group"}]}, "name":"GET ASSOCIATED GROUPS" }}
6.5 Delete a Resource Group
(This API works from PAM360 build 5400 and above only)
Description
To delete a particular resource group.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resourcegroup?RESOURCEGROUPID=<resourcegroupid>
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
DELETE
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resourcegroup?RESOURCEGROUPID=<resourcegroupid>
Sample Response
{ "operation":{ "name":"DELETE RESOURCE GROUP","result": { "status":"Success","message":"Resource Group deleted successfully." }}}
6.6 Fetch Resource Group ID
(This API works from PAM360 build 5400 and above only)
Description
To fetch the ID of a resource group.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resourcegroup/getResourceGroupId?RESOURCEGROUPNAME=<resourcegroupname>&USERID=<userid>
Note: The user ID of the resource group owner should be passed in the USERID param.
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName=<<org display name>>
HTTP Method
GET
Parameters
RESOURCEGROUPNAME=<resourcegroupname> USERID=<userid>
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resourcegroup/getResourceGroupId?RESOURCEGROUPNAME=<resourcegroupname>&USERID=<userid>
Sample Response
{ "operation":{ "name":"GET RESOURCE GROUP ID","result": { "status":"Success","message":"Resource Group Id for the specified Resource Group name have been fetched successfully."} ,"Details":{"REOURCEGROUPID":"1" }}}
6.7 Fetch All Resource Groups of a User
(This API works from PAM360 build 6000 and above only)
Description
To fetch all owned and shared resource groups of a user.
URL
https://<Host-Name-of-PAM360-Server OR IPddress>:<Port>/restapi/json/v1/resourcegroup
Headers
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
GET
Input Data
None
Sample Output
{
"operation": {
"result": {
"message": "Resource group list fetched successfully",
"status": "Success",
"statusCode": 20000
},
"Details": [
{
"resourceGroupDescription": "Group of Windows resources",
"accessType": "modify",
"resourceGroupName": "a2",
"isOwner": "false",
"resourceGroupType": "dynamic",
"resourceGroupId": "1201",
"timeCreated": "2023-02-24 18:01:24.378",
"subGroupOf": "1", //Parent ID
"ownerId": "1"
},
{
"resourceGroupDescription": "All the resources created by me",
"accessType": "fullaccess",
"resourceGroupName": "Default Group",
"isOwner": "true",
"resourceGroupType": "static",
"resourceGroupId": "301",
"timeCreated": "2023-02-14 14:55:22.998",
"subGroupOf": "",
"ownerId": "301"
},
{
"resourceGroupDescription": "Group of Linux resources",
"accessType": "fullaccess",
"resourceGroupName": "st1",
"isOwner": "false",
"resourceGroupType": "static",
"resourceGroupId": "1202",
"timeCreated": "2023-02-24 18:02:10.251",
"subGroupOf": "2",
"ownerId": "1"
},
{
"resourceGroupDescription": "Group of Windows Domain resources",
"accessType": "fullaccess",
"resourceGroupName": "static",
"isOwner": "false",
"resourceGroupType": "static",
"resourceGroupId": "901",
"timeCreated": "2023-02-24 16:08:26.262",
"subGroupOf": "3",
"ownerId": "1"
}
],
"name": "GET_RESOURCE_GROUPS",
"totalRows": 4
}
}
7. Organizations
7.1 Get Organization Details
(This API works from PAM360 build 6320 and above only)
Description
To get all the accessible organization details of a user.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/organizations
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
GET
Input Data
None
Sample Output
{
"operation": {
"result": {
"message": "Fetched organization(s) successfully.",
"status": "Success",
"statusCode": 20000
},
"Details": [
{
"name": "sample1",
"id": "1",
"displayName":"sample1"
},
{
"name": "sample2",
"id": "2",
"displayName":"sample1"
}
],
"name": "GET_ORGANIZATIONS",
"totalRows": 2
}
}
7.2 Manage Organization Access
(This API works from PAM360 build 7500 and above only)
Description
To request grant or revoke permission for a user to manage the client organization in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP-address>:<Port>/restapi/json/v1/organizations/manage
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName=<<org display name>>
HTTP Method
POST
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"userGroupIds": [1,2],
"userIds": [3,4],
"managePermission":"grant|revoke",
"orgIds":[301,302],
"approvalAdminId":"1"
}
}
}
Sample Output
Case 1:
{
"operation":{
"result":{
"message": "Manage organization action has been triggered. Refer below Details.",
"status": "Success",
"statusCode": 20001
},
"Details":{
"301":{
"userGroup":{
"1":{
"status":"Success",
"statusCode":2000
},
" 2":{
"status":"Failed",
"statusCode":4001,
"message":"User group not found."
}
},
"user":{
"3":{
"status":"Success",
"statusCode":2000
},
" 4":{
"status":"Success",
"statusCode":2000
}
}
},
"302":{
"userGroup":{
"1":{
"status":"Success",
"statusCode":2000
},
" 2":{
"status":"Failed",
"statusCode":4001,
"message":"User group not found."
}
},
"user":{
"3":{
"status":"Success",
"statusCode":2000
},
" 4":{
"status":"Success",
"statusCode":2000
}
}
},
"name":"MANAGE_ORGANIZATION"
}
}
}
Case 2: Mandatory param missing
{
"operation": {
"result": {
"message": "Account addition failed.",
"status": "Failed"
},
"Details": {
"message": "Provide all mandatory params in INPUT_DATA.",
"status": "Failed",
"statusCode": 40007
},
"name": "MANAGE_ORGANIZATION"
}
}
8. Access Control
8.1 Request Password Approval by the Admin
Description
Method to request the admin for password access approval. The account id has to be passed for the same in the URL.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/accounts/{accountid}/requestpassword
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Input Data
In case the setting at your end demands a reason to be supplied for requesting a password, you need to pass the following details as input.
Sample Input
INPUT_DATA={ "operation":{ "Details":{
PASSWDID":"1" "REASON":"Testing" }
}
}
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" -H "Content-Type: text/json" https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/accounts/7/requestpassword?INPUT_DATA= { "operation" : { "Details":{ "REASON" : "Testing"}}}
Sample Output
{ "operation":{
"name":"REQUEST_PASSWORD" ,"result":{"status":"Success" ,"message":"Request to view password have been raised successfully" },
"Details":{"STATUS" : "WAITING FOR APPROVAL / CHECKOUT" ;
}
}
}
(Applicable from build 8310 and above only)
The sample input to raise a password access request to an account belonging to a Windows Domain resource, specifying the desired resources you wish to access, using the account for which you are raising a password access request, is shown below:
Sample Input
INPUT_DATA={
"operation": {
"Details": {
"REASON": "Reason",
"RESOURCES_TO_BE_ACCESSED_OPTION":"3", // Enter 1 to access the domain account, 2 to access all the shared member resources, and 3 to access specific resources
"SELECTED_RESOURCEIDS":["301","601"] // If multiple resources are selected
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "Password request raised successfully",
"status": "Success",
"statusCode": 20000
},
"Details": {
"STATUS": "[Waiting for approval]"
},
"name": "REQUEST PASSWORD"
}
}
8.2 Get the List of Password Requests
Description
Fetch the list of password access requests raised to accounts configured with access control workflow for which the user is designated as Authorized Administrator, that are currently awaiting approval.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/accounts/passwordaccessrequests
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
GET
Sample Input
INPUT_DATA= { "operation" : { "Details" : { "REASON" : "Testing", "TICKETID" : "7"}}}
Sample Request
curl -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>"https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/accounts/passwordaccessrequests
Sample Output
{
"operation":{
"result":{
"message": "Password requests fetched successfully",
"status": "Success"
},
"Details":[
{
"REQUESTED BY": "john",
"REQUESTED BY FULLNAME": "john smith",
"REQUESTER USERID": "301",
"PASSWORDREQUESTLIST":[
{
"REQUESTED TIME": "Oct 20, 2021 11:20 AM",
"PASSWD ID": "309",
"STATUS": "",
"RESOURCE ID": "301",
"RESOURCE NAME": "pmp-cent7.abcd.zoho.com",
"APPROVED ADMIN COUNT": "0",
"ACCOUNT ID": "309",
"ACCOUNT NAME": "Admin",
"REASON": "To update the PAM360 server"",
"TOTAL APPROVAL ADMIN COUNT": "1",
"STAR_TIME": "Oct 21, 2021 06:00 ",
"END_TIME":"Oct 21, 2021 06:45 ",
"IS_WINDOWSDOMAIN_RESOURCE": true,
"RESOURCES_TO_BE_ACCESSED" : "Selected Resources"
"SELECTED_RESOURCES":[{
"RESOURCENAME": "pmp2k16",
"RESOURCEID": "601"
},
{
"RESOURCENAME": "pmp-linux2",
"RESOURCEID": "2"
},
{
"RESOURCENAME": "pmp-centos32",
"RESOURCEID": "3"
}]
}
]
}
],
"name": "REQUEST PASSWORD LIST",
"totalRows": 1
}
}
Note: Requester ID is the same as the ID of the user who has requested the password.
8.3 Reject a Password Request
Description
Method for the admin to reject the password requests. This requires the account ID and requester ID to be passed in the URL.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/accounts/{accountid}/requester/{requesterid}/reject
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Sample Input
INPUT_DATA={ "operation":{ "Details":{ "PASSWDID":"1" "REQUESTEDID" : "2" (userid of the request raised user) } } }
Note: Requester ID is the same as the ID of the user who has requested the password.
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" -H "Content-Type: text/json"https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/accounts/7/requester/34/reject
Sample Output
{ "operation":{ "name" : "ADMIN_REQUEST_REJECT""result" : {"status" : "Success""message": "Password Rejected successfully" }
}
}
8.4 Approve a Password Request
Description
Method for the admin to approve the password requests. Here, the account ID and the Requester ID are required to be passed in the URL.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/accounts/{accountid}/requester/{requesterid}/approve
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Input Data
None
Note: Requester ID is the same as the ID of the user who has requested the password. REQUESTEDID can be obtained from the GET PASSWORDREQUEST API(REQUESTER USERID).
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" -H "Content-Type: text/json" https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/accounts/7/requester/34/approve
Sample Output
{ "operation" : { "name" : "ADMIN_REQUEST_APPROVE""result" : { "status" : "Success""message": "Password Approved successfully" }
}
}
8.5 Check-in the Password Approved by the Admin
Description
Method to check-in the password approved by the admin. The account and requester IDs have to be passed in the URL for the same.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/accounts/{accountid}/requester/{requesterid}/checkin
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Input Data
INPUT_DATA={ "operation":{ "Details":{ "PASSWDID" : "1" "REQUESTEDID" : "2" (userid of the request raised user)
}
}
Note: Requester ID is the same as the ID of the user who has requested the password.
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" -H "Content-Type: text/json"https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/accounts/7/requester/34/checkin
Sample Output
{ "operation":{"name" : "ADMIN_REQUEST_CHECKIN""result" : {"status" : "Success""message" : "Password have been checked in successfully" }
}
}
8.6 Checkout the Password Approved by the Admin
Description
Method to checkout the password after being approved by the admin after request. The account ID had to be passed for the same in the URL.
URL
https://:<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/accounts/{accountid}/checkout
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Input Data
On account of customized settings that demand reason for password checkout, you need to pass the following as input.
Sample Input
INPUT_DATA={ "operation":{ "Details":{ "REASON":"N/A" }
}
}
Sample Request
curl -X POST -k-H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" -H "Content-Type: text/json"https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/accounts/7/checkout?INPUT_DATA= { "operation" : { "Details" : { "REASON" : "N/A"}}}
Sample Output
{ "operation": { "name" : "REQUEST_CHECKOUT""result" : { "status" : "Success""message" : "Password have been checked out successfully"
"Details":{"STATUS" : "***** [checkIn]" }
}
}
9. Sharing
9.1 Share a Resource to a User
Description
To share a resource to a user.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/<resourceid>/share
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
PUT
Input Data
INPUT_DATA={"operation":{"Details":{"ACCESSTYPE": "modify","USERID":"1"}}}
Allowed accesstypes: view, modify, fullaccess, revoke
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/1/share
Sample Response
{"operation":{"name":"SHARE RESOURCE","result":{"status":"Success","message":"Read and Modify permission granted to user successfully."}}}
9.2 Bulk Share Resources to Users
(This API works from PAM360 build 6320 and above only)
Description
To share resources to users in bulk.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/share
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
PUT
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"resourceIds": ["301","302","601"],
"userIds":["1","2"],
"accessType":"view|modify|fullaccess|revoke"
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "Revoke action triggered. Refer Audit for more details.",
"status": "Success",
"statusCode": 20001
},
"operationName": "SHARE_RESOURCE(S)"
}
}
9.3 Share a Resource to a User Group
(This API works from PAM360 build 5100 and above only)
Description
To share a resource to a user group
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/<resourceid>/share
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
PUT
Input Data
INPUT_DATA={"operation":{"Details":{"ACCESSTYPE":"view","USERGROUPID":"1"}}}
Allowed accesstypes: view, modify, fullaccess, revoke
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/1/share
Sample Response
{ "operation": { "result": { "message": "Read Only permission granted to user group(s) successfully.", "status": "Success" }, "name": "SHARE RESOURCE" } }
9.4 Bulk Share Resources to User Groups
(This API works from PAM360 build 6320 and above only)
Description
To share resources to user groups in bulk.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/share
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
PUT
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"resourceIds": ["301","302","601"],
"userGroupIds":["1","2"],
"accessType":"view|modify|fullaccess|revoke"
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "Revoke action triggered. Refer Audit for more details.",
"status": "Success",
"statusCode": 20001
},
"operationName": "SHARE_RESOURCE(S)"
}
}
9.5 Share an Account to a User
Description
To share an account to a user.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/<resourceid>/accounts/<accountid>/share
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
PUT
Input Data
INPUT_DATA={"operation":{"Details":{"ACCESSTYPE":"modify","USERID":"1"}}}
Allowed accesstypes: view, modify, revoke
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/accounts/11/share
Sample Response
{"operation":{"name":"SHARE ACCOUNT","result":{"status":"Success","message":"View and Modify permission granted to user successfully."}}}
9.6 Bulk Share Accounts to Users
(This API works from PAM360 build 6320 and above only)
Description
To share accounts to users in bulk.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/accounts/share
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
PUT
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"accountIds": ["301","302","601"],
"userIds":["1","2"],
"accessType":"view|modify|remoteapponly|revoke",
"remoteAppIds":["1","2"], //in case of remoteapponly accessType
"resourceId":1 //in case of remoteapponly accessType
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "Revoke action triggered. Refer Audit for more details.",
"status": "Success",
"statusCode": 20001
},
"operationName": "SHARE_ACCOUNTS"
}
}
9.7 Share an Account to a User Group
(This API works from PAM360 build 5100 and above only)
Description
To share an account to a user group
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/<resourceid>/accounts/<accountid>/share
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
PUT
Input Data
INPUT_DATA={"operation":{"Details":{"ACCESSTYPE":"view","USERGROUPID":"1"}}}
Allowed accesstypes: view, modify, fullaccess, revoke
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/1/accounts/1/share
Sample Response
{ "operation": { "result": { "message": "Read Only permission granted to user group(s) successfully.", "status": "Success" }, "name": "SHARE ACCOUNT" } }
9.8 Bulk Share Accounts to User Groups
(This API works from PAM360 build 6320 and above only)
Description
To share accounts to user groups in bulk.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/accounts/share
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
PUT
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"accountIds": ["301","302","601"],
"userGroupIds": ["1","2"],
"accessType":"view|modify|remoteapponly|revoke",
"remoteAppIds":["1","2"], //in case of remoteapponly accessType
"resourceId":1 //in case of remoteapponly accessType
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "Revoke action triggered. Refer Audit for more details.",
"status": "Success",
"statusCode": 20001
},
"operationName": "SHARE_ACCOUNTS"
}
}
9.9 Bulk Share Resource Groups to Users
(This API works from PAM360 build 6320 and above only)
Description
To share resource groups to users in bulk.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resourcegroup/share
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
PUT
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"resourceGroupIds": ["301","302","601"],
"userIds":["1","2"],
"accessType":"view|modify|fullaccess|revoke"
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "Revoke action triggered. Refer Audit for more details.",
"status": "Success",
"statusCode": 20001
},
"operationName": "SHARE_RESOURCEGROUP(S)"
}
}
9.10 Bulk Share Resource Groups to User Groups
(This API works from PAM360 build 6320 and above only)
Description
To share resource groups to user groups in bulk.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resourcegroup/share
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
PUT
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"resourceGroupIds": ["301","302","601"],
"userGroupIds": ["1","2"],
"accessType":"view|modify|fullaccess|revoke"
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "Revoke action triggered. Refer Audit for more details.",
"status": "Success",
"statusCode": 20001
},
"operationName": "SHARE_RESOURCEGROUP(S)"
}
}
10. Auditing
10.1 Get Audit Details
Description
To get the audit details in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/audit?AUDITTYPE=<<Resource/User>>&STARTINDEX=&LIMIT=&DURATION=<<TODAY / YESTERDAY/ LAST_7_DAYS >>
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP method
GET
Input Data
None
Sample Request
https://localhost:<Port>/restapi/json/v1/audit?AUDITTYPE=Resource&STARTINDEX=1&LIMIT=2&DURATION=YESTERDAY
Sample Response
{
"operation":
"name": "GET_AUDIT",
"result":
"status": "Success",
"message": "Audits fetched successfully."
},
"totalRows": 2,
"Details":
"AUDITID": "3002",
"RESOURCENAME": "Not Applicable",
"ACCOUNTNAME": "N/A",
"OPERATIONTYPE": "CI/CD Settings Updated",
"OPERATEDBY": "admin",
"IPADDRESS": "localhost",
"USERNAME": "N/A",
"LASTACCESSEDTIME": "2019-01-03 14:51:06.666",
"REASON": "Jenkins Authtoken Modified.",
"NAME": "N/A",
"CLIENT": "Web Client"
},
"AUDITID": "2113",
"RESOURCENAME": "test",
"ACCOUNTNAME": "test",
"OPERATIONTYPE": "Password Verification Failed",
"OPERATEDBY": "System",
"IPADDRESS": "localhost",
"USERNAME": "N/A",
"LASTACCESSEDTIME": "2019-01-03 01:45:00.107",
"REASON": "PAM360 could not verify the password integrity.",
"NAME": "N/A",
"CLIENT": "Web Client"
}
]
}
}
10.2 Fetch all SSL/SSH Audit Details
Description
To fetch all the Keys and Certificate audits from PAM360.
HTTPS method
GET
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
None
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getAuditDetails
Sample Response
{
"result": {
"message": "All Audit data fetched successfully.",
"status": "Success"
},
"name": "GetAllAudits",
"details": [
{
"OPERATION": "REST API",
"DESCRIPTION": "All Audit data fetched successfully.",
"AUDITID": 902,
"USERNAME": "admin",
"TIME": "Apr 18, 2023 13:25"
}
],
"totalRows": 1
}
11. Agent
11.1 Generate and Fetch PAM360 Agent Key
(This API works from PAM360 build 6000 and above only)
Description
To fetch the available PAM360 agent key or to generate and fetch a new one.
URL
https://<Host-Name-of-PAM360-Server OR IPddress>:<Port>/restapi/json/v1/agents/agentkey
Headers
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
POST
Input Data
Provide INPUT_DATA only for generating a new agent key.
Sample Input
INPUT_DATA={
"operation": {
"details": {
"generateAgentKey": "true",
"validityPeriod":3 // Provide this param to use the agent key in multiple installations for a stipulated time (In hours).
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "Fetched Agent Key successfully.",
"status": "Success",
"statusCode": 20000
},
"Details": {
"agentKey": "66f835703f814e2e",
"agentKeyEndTime": "09/02/2023 01:03:31"
},
"operationName": "Fetch Agent Key"
}
}
12. Password Policy
12.1 Get Password Policies
(This API works from PAM360 build 5300 and above only)
Description
To list all the password policies in the organization.
HTTPS Method
GET
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/passwords/policies
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
Sample Response
{ "operation":{ "result":{ "message": "Password Policies fetched successfully", "status": "Success" }, "Details":{ "ORGANIZATION": "CHAKRIORG", "POLICIES":[ { ENFORCE MIXED CASE": "false", " PASSWORD MAX LENGTH": "8", " ENFORCE SPL CHARS": "false", " POLICYNAME": "Low", " ENFORCE NUMERALS": "false", " NO OF SPL CHARS REQUIRED": "0", " DEFAULTPOLICY": "false", " CHECK DICTIONARY WORD": "false", " NUMBER OF LOWERCASE CHARACTERS REQUIRED": "0", " REUSE OF OLD PASSWORDS": "Don't allow last 1 passwords", " CHECK ANAGRAM OF LOGINNAME": "false", POLICYID": "10000000000001", CHECK SEQUENCE": "false", DESCRIPTION": "Password with less strict constraints", " ENFORCE STARTING WITH AN ALPHABET": "false", " CHECK REPEATED SUBSTRING": "false", " PASSWORD CAN CONTAIN LOGINNAME": "false", " NUMBER OF UPPERCASE CHARACTERS REQUIRED": "0", " CHECK SIMILARITY OF PASSWORDS": "false", " PASSWORD VALIDITY PERIOD": "0", " NUMBER OF NUMERALS": "0", " PASSWORD MIN LENGTH": "4" }, { " ENFORCE MIXED CASE": "true", " PASSWORD MAX LENGTH": "10", " ENFORCE SPL CHARS": "false", " POLICYNAME": "Medium", " ENFORCE NUMERALS": "true", " NO OF SPL CHARS REQUIRED": "0", " DEFAULTPOLICY": "false", " CHECK DICTIONARY WORD": "false", " NUMBER OF LOWERCASE CHARACTERS REQUIRED": "1", " REUSE OF OLD PASSWORDS": "Don't allow last 5 passwords", " CHECK ANAGRAM OF LOGINNAME": "false", " POLICYID": "10000000000002", " CHECK SEQUENCE": "false", " DESCRIPTION": "Password with few strict constraints", " ENFORCE STARTING WITH AN ALPHABET": "true", " CHECK REPEATED SUBSTRING": "false", " PASSWORD CAN CONTAIN LOGINNAME": "true", " NUMBER OF UPPERCASE CHARACTERS REQUIRED": "1", " CHECK SIMILARITY OF PASSWORDS": "true", " NUMBER OF PASSWORDS TO CHECK FOR SIMILARITY": "1", " PASSWORD VALIDITY PERIOD": "180", " NUMBER OF NUMERALS": "1", " PASSWORD MIN LENGTH": "6" }, { ENFORCE MIXED CASE": "true", " SEQUENCE LENGTH": "5", " PASSWORD MAX LENGTH": "16", " ENFORCE SPL CHARS": "true", POLICYNAME": "Strong", " ENFORCE NUMERALS": "true", " CHECK NUMERIC SEQUENCE": "true", " KEYBOARD LAYOUT": "QWERTY", " DESCRIPTION": "Password with strict constraints", " ENFORCE STARTING WITH AN ALPHABET": "true", " NUMBER OF PASSWORDS TO CHECK FOR SIMILARITY": "1", " PASSWORD VALIDITY PERIOD": "30", " DICTIONARY NAME": "Common Words", CHECK CONSECUTIVE SEQUENCE": "true", " NO OF SPL CHARS REQUIRED": "1", " DEFAULTPOLICY": "true", " CHECK DICTIONARY WORD": "true", " NUMBER OF LOWERCASE CHARACTERS REQUIRED": "1", " REUSE OF OLD PASSWORDS": "Don't allow last 10 passwords", " CHECK ANAGRAM OF LOGINNAME": "false", " CHECK ALPHABET SEQUENCE": "true", " POLICYID": "10000000000003", " CHECK KEYBOARD SEQUENCE": "true", " CHECK OBVIOUS SUBSTITUTION": "false", " CHECK SEQUENCE": "true", " CHECK REPEATED SUBSTRING": "true", " PASSWORD CAN CONTAIN LOGINNAME": "true", " NUMBER OF UPPERCASE CHARACTERS REQUIRED": "1", " CHECK SIMILARITY OF PASSWORDS": "true", " NUMBER OF NUMERALS": "1", " PASSWORD MIN LENGTH": "8" }, { " ENFORCE MIXED CASE": "true", " PASSWORD MAX LENGTH": "32", " ENFORCE SPL CHARS": "true", POLICYNAME": "Offline Password File", " ENFORCE NUMERALS": "true", " NO OF SPL CHARS REQUIRED": "1", " DEFAULTPOLICY": "false", " CHECK DICTIONARY WORD": "false", " NUMBER OF LOWERCASE CHARACTERS REQUIRED": "1", " REUSE OF OLD PASSWORDS": "Don't allow last 10 passwords", " CHECK ANAGRAM OF LOGINNAME": "false", " POLICYID": "10000000000004", " CHECK SEQUENCE": "false", " DESCRIPTION": "Policy for offline password access", " ENFORCE STARTING WITH AN ALPHABET": "false", " CHECK REPEATED SUBSTRING": "false", " PASSWORD CAN CONTAIN LOGINNAME": "true", " NUMBER OF UPPERCASE CHARACTERS REQUIRED": "1", " CHECK SIMILARITY OF PASSWORDS": "false", " PASSWORD VALIDITY PERIOD": "30", " NUMBER OF NUMERALS": "1", " PASSWORD MIN LENGTH": "16" }, { " ENFORCE MIXED CASE": "true", " SEQUENCE LENGTH": "3", " PASSWORD MAX LENGTH": "10", " ENFORCE SPL CHARS": "false", " POLICYNAME": "test", " ENFORCE NUMERALS": "true", " CHECK NUMERIC SEQUENCE": "true", " KEYBOARD LAYOUT": "QWERTY", " DESCRIPTION": "testing", " ENFORCE STARTING WITH AN ALPHABET": "true", " NUMBER OF PASSWORDS TO CHECK FOR SIMILARITY": "1", " PASSWORD VALIDITY PERIOD": "180", " DICTIONARY NAME": "Common Words", " CHECK CONSECUTIVE SEQUENCE": "false", " NO OF SPL CHARS REQUIRED": "0", " DEFAULTPOLICY": "false", " CHECK DICTIONARY WORD": "true", " NUMBER OF LOWERCASE CHARACTERS REQUIRED": "1", " REUSE OF OLD PASSWORDS": "Don't allow last 5 passwords", CHECK ANAGRAM OF LOGINNAME": "true", CHECK ALPHABET SEQUENCE": "true", " POLICYID": "10000000000011", " CHECK KEYBOARD SEQUENCE": "true", " CHECK OBVIOUS SUBSTITUTION": "true", " CHECK SEQUENCE": "true", " CHECK REPEATED SUBSTRING": "true", " PASSWORD CAN CONTAIN LOGINNAME": "true", " NUMBER OF UPPERCASE CHARACTERS REQUIRED": "1", " CHECK SIMILARITY OF PASSWORDS": "true", " NUMBER OF NUMERALS": "1", " PASSWORD MIN LENGTH": "6" } ] }, "name": "GET PASSWORD POLICIES" } }
13. Resource Types
13.1 Get all Resource Types
(This API works from PAM360 build 5300 and above only)
Description
To list all the resource types in the organization.
HTTPS Method
GET
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/resources/resourcetypes
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
Input Data
INPUT_DATA={ "operation":{ "Details":{ "RESOURCETYPE_CONTAINING":["brocade"], } } }
Sample Response
{ "operation":{ "result":{ "message": "Resource Types fetched successfully", "status": "Success" }, "Details":{ "RESOURCETYPES":[ { "COMMAND_SET":[ "Brocade" ], "ISSYNCSUPPORTED": "false", "CUSTOMRESOURCETYPE": "Windows", "ISCERTIFICATE": "false", "CATEGORY": "network", "SYNCTYPE": "CustomCli", "ISDEFAULT_SUPPORTED_RESOURCETYPE": "true", "OSID": "40", "RESOURCE_ATTRIBUTES":[ "DNS Name / IP Address", "Group Name", "Resource Description", "Department", "Resource URL", "Location", "Password Policy", "Resource Name" ], "ACCOUNT_ATTRIBUTES":[ "Password Policy", "Private Key", "Notes", "User Account", "User Account Password" ], "RESOURCETYPE": "Brocade", "DEFAULTRESOURCETYPE": "false" }, { "COMMAND_SET":[ "Brocade SAN Switch" ], "ISSYNCSUPPORTED": "false", "CUSTOMRESOURCETYPE": "Windows", "ISCERTIFICATE": "false", "CATEGORY": "network", "SYNCTYPE": "CustomCli", "ISDEFAULT_SUPPORTED_RESOURCETYPE": "true", "OSID": "42", "RESOURCE_ATTRIBUTES":[ "DNS Name / IP Address", "Group Name", "Resource Description", "Department", "Resource URL", "Location", "Password Policy", "Resource Name" ], "ACCOUNT_ATTRIBUTES":[ "Password Policy", "Private Key", "Notes", "User Account", "User Account Password" ], "RESOURCETYPE": "Brocade SAN Switch", "DEFAULTRESOURCETYPE": "false" }, { "COMMAND_SET":["Brocade VDX"], "ISSYNCSUPPORTED": "false", "CUSTOMRESOURCETYPE": "Windows", "ISCERTIFICATE": "false", "CATEGORY": "network", "SYNCTYPE": "CustomCli", "ISDEFAULT_SUPPORTED_RESOURCETYPE": "true", "OSID": "41", "RESOURCE_ATTRIBUTES":[ "DNS Name / IP Address", "Group Name", "Resource Description", "Department", "Resource URL", "Location", "Password Policy", "Resource Name" ], "ACCOUNT_ATTRIBUTES":[ "Password Policy", "Private Key", "Notes", "User Account", "User Account Password" ], "RESOURCETYPE": "Brocade VDX", "DEFAULTRESOURCETYPE": "false" } ], "ORGANIZATIONNAME": "MSPOrg" }, "name": "GET RESOURCE TYPES" } }
14. Two-Factor Authentication
14.1 Reset Two-Factor Authentication
(This API works from PAM360 build 5400 and above only)
Description
To reset two-factor authentication for a username.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user/resetMFA?USERNAME=<username>
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
PUT
Parameters
USERNAME=<username>
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/restapi/json/v1/user/resetMFA?USERNAME=<username>
Sample Response
{
"operation":{
"result":{
"message": "Two Factor Authentication reset successfully",
"status": "Success"
},
"name": "Reset MFA"
}
}
15. Server
15.1 Fetch HA Status
(This API works from PAM360 build 6000 and above only)
Description
To get the status of the High Availability server.
URL
https://<Host-Name-of-PAM360-Server OR IPddress>:<Port>/restapi/json/v1/server/getHighAvailabilityStatus
Headers
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName= <<org display name>>
HTTP Method
GET
Input Data
None
Sample Output
{
"operation": {
"name": "Get HA Status",
"result": {
"status": "Success",
"message": "HA Status fetched successfully"
"statusCode":20000
},
"Details":{
"haStatus":"active",
"isPrimaryServer":"true",
"primaryServer":"master.server.com",
"primaryServerStatus":"active",
"secondaryServer":"slave.server.com",
"secondaryServerStatus":"active",
}
}
}
16. SSH Keys
16.1 Create a New SSH Key
Description
To create a new SSH key.
URL
https:// <Host-Name-of-PAM360-Server OR IP-Address> :<Port>/api/pki/restapi/createsshkey
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Input Data
The following data has to be passed as input:
{"operation":{"Details":{"keyName":"keytest",
"passPhrase":"passPhrase",
"comment":"comment",
"length":"2048",
"keyType":"ssh-rsa"}}}
Sample Request
https://< Host-Name-of-PAM360-Server OR IP-Address >:<Port>/api/pki/restapi/createsshkey?INPUT_DATA={"operation":{"Details":{"keyName":"keytest","passPhrase":"passPhrase","comment":"comment","length":"2048","keyType":"ssh-rsa"}}}
Sample Response
{ "name": "CreateSSHKey",
"result": {
"status": "Success",
"message": "New SSH key created successfully" }
}
Note: Following are the key types that can be used to create new SSH keys:
- sh-rsa (key length: 1024/2048/4096)
- ssh-dss (key length: 1024)
- d25519 (no specific key length)
- ecdsa (key length: 256/384/521)
16.2 Delete an SSH Key
Description
To delete a particular SSH key.
URL
https://< Host-Name-of-PAM360-Server OR IP-Address >:<Port>/api/pki/restapi/deleteSSHKey
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
DELETE
Input Data
The following data has to be passed as input:
{"operation":{"Details":{"key_name":"newkey1","withoutDisassociation":"true"}}}
Sample Request
https://< Host-Name-of-PAM360-Server OR IP-Address >:<Port>/api/pki/restapi/deleteSSHKey?INPUT_DATA={"operation":{"Details":{"key_name":"newkey1","withoutDisassociation":"true"}}}
Sample Response
{ "name": "DeleteSSHKey","result": { "status": "Success","message": "SSH keys newkey1 deleted successfully"}}
16.3 Fetch all the SSH Keys
Description
To fetch all the discovered SSH keys.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getAllSSHKeys
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
GET
Input Data
None
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getAllSSHKeys
Sample Response
{ "name": "GetAllSSHKeys", "result": { "status": "Success", "message": "All SSH Keys fetched successfully" }, "totalRows": 1, "details": [ { "KeyName": "testkey", "KeyType": "ssh-rsa", "KeyLength": "2048", "FingerPrint": "SHA256:v28/AlRYrpBKjAp4JoTRphLOkFdVb1ummVcyFHSfC5I", "isPassphraseAvailable": false, "CreatedBy": "mm", "CreationTime": "Today" } ] }
16.4 Fetch a Particular SSH Key
Description
To fetch a particular SSH key from the discovered keys.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getSSHKey
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Input Data
The name of the operation and key to be passed as input
{"operation":{"Details":{"keyName":"key"}}}
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getSSHKey?INPUT_DATA={"operation":{"Details":{"keyName":"key"}}}
Sample Response
{ "name": "GetSSHKey", "result": { "status": "Success", "message": "SSH Key testkey fetched successfully" }, "details": [ { "KeyName": "testkey", "KeyType": "ssh-rsa", "KeyLength": "2048", "FingerPrint": "SHA256:v28/AlRYrpBKjAp4JoTRphLOkFdVb1ummVcyFHSfC5I", "isPassphraseAvailable": false, "CreatedBy": "mm", "CreationTime": "Today" } ] }
16.5 Fetch SSH Key Passphrase
Description
To fetch a passphrase of an SSH key.
HTTPS Method
GET
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
The name of the operation and key to be passed as input
{"operation":{"Details":{"keyName":"testKey"}}}
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getSSHKeyPassphrase?INPUT_DATA={"operation":{"Details":{"keyName":"testKey"}}}
Sample Response
{
"result": {
"message": "Passphrase fetched successfully"
"status": "Success"
},
"name": "GetSSHKeyPassphrase",
"details": {
"passphrase": "passphrase@321"
}
}
16.6 Export an SSH Key
Description
To export a particular SSH key.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/exportSSHKey
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Input Data
The name of the operation and key have to be passed as input.
{"operation":{"Details":{"keyName":"key"}}}
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/exportSSHKey?INPUT_DATA={"operation":{"Details":{"keyName":"key"}}}
Sample Response
Key file
16.7 Get SSH Keys for a User
Description
To get all the SSH keys associated with a particular user.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getSSHkeysforuser
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
GET
Input Data
The username and resource name have to be passed as input.
{"operation":{"Details":{"userName":"test","resourceName":"172.21.xxx.xx"}}}
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getSSHkeysforuser?&INPUT_DATA={"operation":{"Details":{"userName":"test","resourceName":"172.21.xxx.xx"}}}
Sample Response
{ "name": "GetSSHKeysForUser", "result": { "status": "Success", "message": "SSH keys for user test of resource pam-centos6 fetched successfully" }, "details": "testkey,testkey1" }
16.8 Fetch all Associated Users
Description
To fetch all the users associated with SSH keys.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getAllAssociatedUsers
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
GET
Input Data
None
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getAllAssociatedUsers
Sample Response
{ "name": "GetAllAssociatedUsers", "result": { "status": "Success", "message": "All associated users fetched successfully" }, "totalRows": 1, "details": [ { "UserName": "test", "ResourceName": "pam-centos6" } ] }
16.9 Import an SSH Key
Description
To import an SSH key.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/addSSHKey
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Input Data
The following data is to be passed as input:
{ "operation": { "Details": { "keyName":"testkey","passphrase":"passtrix" } } }
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" -H 'Content-Type: multipart/form-data' -F INPUT_DATA={"operation":{"Details":{"keyName":"testkey","passphrase":"passtrix"}}} -F File=@D:/certs/keys/test1-passtrix/test1_Jul-21-2017-15_56.key https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/addSSHKey
Sample Response
{ "name":"addSSHKey","result": { "status":"SUCCESS","message":"Key imported successfully" } }
16.10 Associate an SSH Key
Description
To associate an SSH key.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/associateKey
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Input Data
The following data is to be passed as input:
{ "operation": { "Details": { "keyName":"testkey","resourceName":"test.csez.zohocorpin.com","userName":"test","usePrivateKeyForLogin":"true" } } }
The param "usePrivateKeyForLogin" is available from build 7100 and above only.
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/associateKey?INPUT_DATA={"operation":{"Details":{"keyName":"testkey","resourceName":"test.csez.zohocorpin.com","userName":"test","usePrivateKeyForLogin":"true"}}}
Sample Response
{ "name": "associateKey", "result":
{ "status": "Success", "message": "Key associated successfully"
}
}
16.11 Dissociate an SSH Key
Description
To dissociate an SSH key.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/dissociateKey
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Input Data
The following data is to be passed as input:
{ "operation": { "Details": { "keyName":"testkey","resourceName":"test.csez.zohocorpin.com","userName":"test" } } }
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/dissociateKey?INPUT_DATA={"operation":{"Details":{"keyName":"testkey","resourceName":"test.csez.zohocorpin.com","userName":"test"}}}
Sample Response
{ "name": "dissociateKey", "result": { "status": "SUCCESS", "message": "Key dissociated successfully." } }
16.12 Export an SSH Key as a Specific Key Type
(This API works from PAM360 build 6200 and above only)
Description
To export a particular SSH key as a specific Key Export Type (Public or Private).
HTTPS METHOD
POST
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
- {"operation":{"Details":{"keyName":"Key","keyExportType":"public"}}}
- {"operation":{"Details":{"keyName":"Key","keyExportType":"private"}}}
Note: Specify 'public or 'private' in 'keyExportType' to indicate to fetch public or private key.
Sample Request
- https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/exportSSHKey?INPUT_DATA={"operation":{"Details":{"keyName":"Key","keyExportType":"public"}}}
- https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/exportSSHKey?INPUT_DATA={"operation":{"Details":{"keyName":"Key","keyExportType":"private"}}}
Sample Response
Key file
17. SSL Certificates
17.1 Get an SSL Certificate
Description
To obtain an SSL certificate from PAM360's certificate repository.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getCertificate
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
GET
Input Data
The operation details and the name of the certificate fetched have to be passed as input.
{"operation": { "Details" : { "common_name" : "*.google.com","serial_number":"XXXXXXXXXXXXXX" // optional to provide serial number to fetch certificate details}}}
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getCertificate?INPUT_DATA={"operation":{"Details":{"common_name":"*.google.com","serial_number":"XXXXXXXXXXXXXX"}}}
Sample Response
Certificate object
17.2 Get all SSL Certificates
Description
To obtain all the SSL certificates from PAM360's certificate repository.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getAllSSLCertificates
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
GET
Input Data (Optional)
INPUT_DATA={"operation":{"Details":{"withExpiryDaysLessThan":"500","withKeyLength":"1024","withSignatureAlgorithm":"SHA1"}}}
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getAllSSLCertificates?INPUT_DATA={"operation":{"Details":{"withExpiryDaysLessThan":"500","withKeyLength":"1024","withSignatureAlgorithm":"SHA1"}}}
Sample Response
{ "name": "GetAllSSLCertificates","result": { "status": "Success", "message": "All SSL Certificates fetched successfully"},
"totalRows": 2,"details": [{ "CertID": 1, "DNS Name/FQDN": "paytm.com", "Port": 443,
"Common Name": "*.paytm.com", "Issuer": "GeoTrust Inc.", "FromDate": "Oct 13, 2015", "ExpiryDate": "Aug 27, 2017",
"KeyStrength": "2048","SignatureAlgorithm": "SHA256withRSA","Created By": "admin","Expiry Notification Email": ""},{ "CertID": 302,"DNS Name/FQDN": "204.141.32.155","Port": 443,
"Common Name": "*.zoho.com", "Issuer": "Sectigo Limited", "FromDate": "Jul 2, 2019", "ExpiryDate": "Apr 30, 2021",
"KeyStrength": "2048","SignatureAlgorithm": "SHA256withRSA","Created By": "admin","Expiry Notification Email": ""}]}
Note: Including the Input Data in the API request is optional. In case input data is provided, you can add any one or all of the available filters: withExpiryDaysLessThan,withKeyLength,withSignatureAlgorithm.
17.3 Get all SSL Certificate Expiry
Description
To get the expiry dates of all the SSL certificates.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getAllSSLCertsExpiryDate
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
GET
Input Data
None
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getAllSSLCertsExpiryDate
Sample Response
{ "name": "GetAllSSLCertificatesExpiryDate", "result": { "status": "Success", "message": "Certificates expiry date fetched successfully" }, "totalRows": 2, "details": [ { "Common Name": "*.paytm.com", "ExpiryDate": "Aug 27, 2017" }, { "Common Name": "*.zoho.com", "ExpiryDate": "Apr 30, 2021" } ] }
17.4 Get SSL Certificate Details
Description
To get the details of a particular SSL certificate.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getCertificateDetails
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
GET
Input Data
The operation details and the name of the certificate have to be passed as input.
{"operation": {"Details":{"common_name":"*.google.com"}}}
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getCertificateDetails?INPUT_DATA={"operation": {"Details":{"common_name":"*.google.com"}}}
Sample Response
{ "name": "GetCertificateDetails", "result": { "status": "Success", "message": "Details of certificate *.zoho.com fetched successfully" }, "details": [ { "certtype": "Domain", "certificateTemplate": "N/A", "endpoint": { "hostName": "*.zoho.com", "port": "443", "expiry_date": "2021-04-30 05:29:59.0", "from_date": "2019-07-02 05:30:00.0", "certSignAlg": "SHA256withRSA", "Sans": "*.zoho.com,zoho.com", "serial": "8c0b04e91a1796d86d1de5e89c8b3c5c", "fingerPrint": "aeecb6227dc8adef18a8fb99465739996e2782a8", "keyalg": "RSA", "PublicKeyLength": 2048, "PrivateKey": false, "isAWS": false }, "isCertInstalledMulipleServers": false, "issuer": { "cname": "Sectigo RSA Domain Validation Secure Server CA", "org": "Sectigo Limited", "orgunit": "-" }, "issuedto": { "cname": "*.zoho.com", "org": "-", "orgunit": "Domain Control Validated" }, "intermediate": {}, "ipaddress": "204.141.32.155", "CertificateId": "302" } ] }
17.5 Get SSL Certificate Keystore
Description
To get the key store file of a particular SSL certificate.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getCertificateKeyStore
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
GET
Input Data
The name of the operation and the common name of the keystore file have to be passed as input.
{"operation" : { "Details" : {"common_name" : "apitest","serial_number":"XXXXXXXXXXXXXX" //optional to provide serial number to fetch the keystore file}}}
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getCertificateKeyStore?INPUT_DATA={"operation":{"Details":{"common_name":"apitest","serial_number":"XXXXXXXXXXXXXX"}}}
Sample Response
KeyStore File Object
17.6 Get SSL Certificate Passphrase
To get the private key passphrase of an SSL certificate.
URL
https://< Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getCertificatePassphrase
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
GET
Input Data
The following data has to be passed as input:
{"operation":{"Details":{"common_name":"mycert","serial_number":"XXXXXXXXXXXXXX"}}}
Sample Request
https://< Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getCertificatePassphrase?INPUT_DATA={"operation":{"Details":{"common_name":"mycert","serial_number":"XXXXXXXXXXXXXX"}}}
Sample Response
{
"result": {
"message": "Private key passphrase of certificate mycert is fetched.",
"status": "Success"
},
"name": "GetCertificatePassphrase",
"details": {
"Passphrase": "SamplePassphrase"
}
}
17.7 Add an SSL Certificate
To add an SSL certificate to PAM360's certificate repository.
URL
https://< Host-Name-of-PAM360-Server OR IP-Address >:<Port>/api/pki/restapi/addCertificate
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Input Data
The following data has to be passed as input:
input data: {"operation":{"Details":{"fileType":"KEYSTORE","PASSWORD":"PASSWORD"}}}
Note: The fileType specified in the input data can be either CERTFILE or KEYSTORE. For CERTFILE fileType, the PASSWORD field need not be specified.
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken_generated_from_PAM360>>" -H 'Content-Type: multipart/form-data' -F INPUT_DATA='{"operation":{"Details":{"fileType":"KEYSTORE","PASSWORD":"PASSWORD"}}}' -F File=@D:/certs/newcert.keystore https://< Host-Name-of-PAM360-Server OR IP-Address >:<Port>/api/pki/restapi/addCertificate
Sample Response
{
"name": "AddCertificate",
"result":
{{"Status":"Success",
"Message": "Certificate newcert.com added successfully"}
}
}
17.8 Delete an SSL Certificate
Description
To delete an SSL certificate from PAM360's certificate repository.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/deleteCertificate
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
DELETE
Input Data
The operation name and the common name of the certificate have to be passed as input.
{"operation": {"Details":{"common_name" : "apitest","serial_number" : "XXXXXXXXXXXXXX" //optional to provide serial number to delete a certificate}}}
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/deleteCertificate?INPUT_DATA={"operation": {"Details":{"common_name":"apitest","serial_number":"XXXXXXXXXXXXXX" // optional to provide serial number to fetch certificate details}}}
Sample Response
{"name":"DeleteCertificate","result":{"status":"Success","message":"Certificate apitest deleted successfully."}}
17.9 Perform SSL Certificate Discovery
Description
To discover a particular SSL certificate.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/sslCertSingleDiscovery
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Input Data
The name/IP address of the host and port number have to be passed as input.
{"operation":{"Details":{"HOST":"de-ubuntu10-1","TIMEOUT":"300","PORT":"<Port>"}}}
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/sslCertSingleDiscovery?INPUT_DATA={"operation":{"Details":{"HOST":"de-ubuntu10-1","TIMEOUT":"300","PORT":"<Port>"}}}
Sample Response
{ "name": "Get SSL Discovery", "totalRows": 1, "details": { "zoho.com": [ "SUCCESS", "SSL Certificate already available, *.zoho.com certificate found at port 443" ] } }
17.10 Perform SSL Certificate Discovery (For a Range of IP Addresses)
Description
To discover a set of SSL certificates.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/sslCertRangeDiscovery
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Input Data
The start and end IP addresses, port number and time-out have to be passed as input.
{"operation":{"Details":{"StartIpAddress":"192.xxx.xxx.x",
"EndIpAddress":"192.xxx.xxx.x",
"TIMEOUT":"3",
"PORT":"443"}}}
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/sslCertRangeDiscovery?INPUT_DATA={"operation":{"Details":{"StartIpAddress":"192.xxx.xxx.0","EndIpAddress":"192.xxx.xxx.3","TIMEOUT":"3","PORT":"443"}}}
Sample Response
{ "name": "Get SSL Discovery", "totalRows": 4, "details": { "192.168.216.1": [ "FAILURE", "Connection failed,no certificate found at port 443" ], "192.168.216.0": [ "FAILURE", "Connection timed out,no certificate found at port 443" ], "192.168.216.2": [ "FAILURE", "Connection timed out,no certificate found at port 443" ], "192.168.216.3": [ "FAILURE", "Connection timed out,no certificate found at port 443" ] } }
17.11 Create an SSL Certificate
Description
To create an SSL certificate.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/createCertificate
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Input Data
The following data have to be passed as input:
{"operation":{"Details":{"CNAME":"mytestcert",
"ALT_NAMES":"test",
"ORGUNIT":"zohocorp",
"ORG":"manageengine",
"LOCATION":"chennai",
"STATE":"Tamilnadu",
"COUNTRY":"IN",
"PASSWORD":"zohocorp",
"VALIDITY":"888",
"VALIDITY_TYPE":"days",
"ALG":"RSA",
"LEN":"4096",
"SIGALG":"SHA256",
"StoreType":"PKCS12"}}}
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>
Sample Response
{"name":"CreateCertificate","result":{"status":"Success","message":"Certificate saved successfully"}}
17.12 Deploy an SSL Certificate
(This API works from PAM360 build 5300 and above only)
Description
To deploy an SSL certificate.
HTTPS Method
POST
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
INPUT_DATA={"operation":{"Details":{"common_name":"testcert","serial_number":"xxxxxxxx","serverName":"testmachine"}}}
Note: It is optional to provide the server name. The server name allows you to deploy certificates to that particular server. Without the server name, the certificates are deployed to all the saved servers from the client.
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/deployCertificate
Sample Response
{"result": {
"message": "Certificate deployment is successful.",
"status": "Success"
},
"name": "DeployCertificate",
"totalRows": 1,
"deployStatus": [
{
"server": "testmachine",
"message": "Certificate testcert of format CER and PFX deployed in testmachine successfully.",
"status": "Success"
}]}
17.13 Share an SSL Certificate to User
(This API works from PAM360 build 5300 and above only)
Description
To share an SSL certificate to a user.
HTTPS Method
POST
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/shareCertificateToUser
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
INPUT_DATA:{"operation":{"Details":{ "common_name":"certificate","serial_number":"179ae1f45a8" ,"userId":"301"}}}
Sample Response
{ "result": {
"message": "Certificate shared successfully.",
"status": "Success"
}, "name": "ShareCertificate"}
17.14 Share SSL Certificate to User Group
(This API works from PAM360 build 5300 and above only)
Description
To share an SSL certificate to a user group.
HTTPS Method
POST
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/shareCertificateToUserGroup
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
INPUT_DATA:{"operation":{"Details":{ "common_name":"certificate","serial_number":"179ae1f45a8" ,"userGroupId":"301"}}}
Sample Response
{ "result": { "message": "Certificate shared successfully.", "status": "Success" }, "name": "ShareCertificate" }
17.15 Share SSL Certificate Group to User
(This API works from PAM360 build 5300 and above only)
Description
To share an SSL certificate group to a user.
HTTPS Method
POST
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/shareCertificateGroupToUser
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
INPUT_DATA:{"operation":{"Details":{ "certificate_group_name":"certificate" ,"userId":"301"}}}
Sample Response
{ "result": { "message": "Certificate shared successfully.", "status": "Success" }, "name": "ShareCertificate" }
17.16 Share SSL Certificate Group to User Group
(This API works from PAM360 build 5300 and above only)
Description
To share an SSL certificate group to a user group.
HTTPS Method
POST
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/shareCertificateGroupToUserGroup
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
INPUT_DATA:{"operation":{"Details":{ "certificate_group_name":"certificate" ,"userGroupId":"301"}}}
Sample Response
{ "result": { "message": "Certificate shared successfully.", "status": "Success" }, "name": "ShareCertificate" }
17.17 Revoke SSL Certificate from User
(This API works from PAM360 build 5300 and above only)
Description
To revoke an SSL certificate from a user.
HTTPS Method
POST
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/revokeCertificateFromUser
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
INPUT_DATA:{"operation":{"Details":{ "common_name":"certificate","serial_number":"179ae1f45a8" ,"userId":"301"}}}
Sample Response
{ "result": { "message": "Access to certificate revoked successfully.", "status": "Success" }, "name": "RevokeCertificate" }
17.18 Revoke SSL Certificate from User Group
(This API works from PAM360 build 5300 and above only)
Description
To revoke an SSL certificate from a user group.
HTTPS Method
POST
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/revokeCertificateFromUserGroup
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
INPUT_DATA:{"operation":{"Details":{ "common_name":"certificate","serial_number":"179ae1f45a8" ,"userGroupId":"301"}}}
Sample Response
{ "result": { "message": "Access to certificate revoked successfully.", "status": "Success" }, "name": "RevokeCertificate" }
17.19 Revoke SSL Certificate Group from User
(This API works from PAM360 build 5300 and above only)
Description
To revoke an SSL certificate group from a user.
HTTPS Method
POST
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/revokeCertificateGroupFromUser
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
INPUT_DATA:{"operation":{"Details":{ "certificate_group_name":"certificate" ,"userId":"301"}}}
Sample Response
{ "result": { "message": "Access to certificate revoked successfully.", "status": "Success" }, "name": "RevokeCertificate" }
17.20 Revoke SSL Certificate Group from User Group
(This API works from PAM360 build 5300 and above only)
Description
To revoke an SSL certificate group from a user group.
HTTPS Method
POST
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/revokeCertificateGroupFromUserGroup
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
INPUT_DATA:{"operation":{"Details":{ "certificate_group_name":"certificate" ,"userGroupId":"301"}}}
Sample Response
{ "result": { "message": "Access to certificate revoked successfully.", "status": "Success" }, "name": "RevokeCertificate" }
17.21 Create SSL Certificate Group
(This API works from PAM360 build 5300 and above only)
Description
To create an SSL certificate group.
HTTPS Method
POST
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/createCertificateGroup
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
INPUT_DATA={"operation":{"Details":{ "group_name":"NAME","group_description":"This is the description for the group certificate","group_mail":"pam360@zohocorporation.com","ssl_details":"301,202"}}}
Sample Response
{"result":{"message":"Certificate group added successfully.","status":"Success"},"name":"createCertificateGroup"}
17.22 Delete SSL Certificate Group
(This API works from PAM360 build 5300 and above only)
Description
To delete an SSL certificate group.
HTTPS Method
DELETE
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/deleteCertificateGroup
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
INPUT_DATA={"operation":{"Details":{ "group_name":"NAME"}}}
Sample Response
{"result":{"message":"The certificate group is deleted successfully.","status":"Success"},"name":"deleteCertificateGroup"}
17.23 Edit SSL Certificate Group
(This API works from PAM360 build 5300 and above only)
Description
To edit an SSL certificate group.
HTTPS Method
POST
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/editCertificateGroup
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
INPUT_DATA={"operation":{"Details":{ "group_name":"NEW NAME","group_description":"This is new description for the group certificate","group_mail":"pam360@zohocorporation.com","ssl_details":"1,2,3"}}}
Sample Response
{"result":{"message":"The certificate group is updated successfully.","status":"Success"},"name":"editCertificateGroup"}
17.24 Generate an SSL Agent Install Key
(This API works from PAM360 build 5300 and above only)
Description
To generate an SSL agent install key.
HTTPS Method
POST
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/generateInstallKey
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Sample Response
{ "result": { "message": "Agent install key fetched successfully", "status": "Success" }, "name": "GetAgentInstallKey", "totalRows": 1, "AgentInstallKey": "20570b9e0ceaa936" }
17.25 Get an SSL Certificate in Different File Formats
(This API works from PAM360 build 6200 and above only)
Description
To obtain a certificate from PAM360's certificate repository in different file formats.
HTTPS Method
GET
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
The operation details and the name of the certificate fetched to be passed as input
{"operation":{"Details":{"common_name":"certificate_common_name","serial_number":"certificate_serial_number,"fileType":"File format"}}}
Notes:
- The certificates can be exported in the following file formats: CER, CRT, DER, P7B, PKCS, JKS, PEM, KEY.
- Specify the required file format in 'fileType' to export the certificate in that format.
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getCertificate?INPUT_DATA={"operation":{"Details":{"common_name":"examplecert","serial_number":"182e967a976","fileType":"PEM"}}}
Sample Response
Certificate object
17.26 Fetch SSL Vulnerabilities Count
Description
To fetch the total number of SSL vulnerabilities.
HTTPS Method
GET
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
None
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getSSLVulnerabilityCount
Sample Response
{
"result": {
"message": "SSL vulnerability data fetched successfully.",
"status": "Success"
},
"name": "GetSSLVulnerabilityCount",
"details": {
"SSLVulnerabilityCount": {
"Weak Cipher Suites": 0,
"Poodle SSL": 0,
"Revoked": 0,
"SSLv3 Enabled": 0,
"No TLS1.2": 1,
"Heartbleed": 0
}
}
}
17.27 Discover SSL in Bulk from Files
Description
To perform SSL discovery based on the DNS names stored in the files.
HTTPS Method
POST
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
INPUT_DATA:{"operation":{"Details":{"FileName":"sslDiscInputFile.txt","TIMEOUT":"3","PORT":443}}}
File=@C:/path/to/file/sslDiscovery
Sample Request
curl -X POST -k -H "AUTHTOKEN:A36ECFEF-7374-4DE2-B1A0-3EE719E3D2C7" -H 'Content-Type: multipart/form-data' -F INPUT_DATA={"operation":{"Details":{"FileName":"sslDiscoveryInputFile.txt","TIMEOUT":"3","PORT":443}}} -F File=@C:/path/to/file/sslDiscoveryInputFile.txt https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/sslCertFileBasedDiscovery
Sample Response
{
"result": {
"message": "SSL discovery completed successfully",
"status": "Success"
},
"name": "Get SSL Discovery",
"details": {
"10.53.0.209": [
"FAILURE",
"Connection timed out,no certificate found at port 443"
],
"10.53.0.208": [
"FAILURE",
"Connection timed out,no certificate found at port 443"
],
"10.53.0.212": [
"FAILURE",
"Connection timed out,no certificate found at port 443"
]
},
"totalRows": 3
}
18. CSR
18.1 Create CSR
Description
To create a certificate signing request.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/createCSR
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
HTTP Method
POST
Input Data
The following data need to be passed as input.
{"operation":{"Details":{"CNAME":"mytestcert",
"ALT_NAMES":"test",
"ORGUNIT":"zohocorp",
"ORG":"manageengine",
"LOCATION":"chennai",
"STATE":"Tamilnadu",
"COUNTRY":"IN",
"PASSWORD":"zohocorp",
"VALIDITY":"888",
"VALIDITY_TYPE":"days",
"ALG":"RSA",
"LEN":"4096",
"SIGALG":"SHA256",
"StoreType":"PKCS12"}}}
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/createCSR?INPUT_DATA={"operation":{"Details":{"CNAME":"mytestcert", "ALT_NAMES":"test", "ORGUNIT":"zohocorp", "ORG":"manageengine", "LOCATION":"chennai", "STATE":"Tamilnadu","COUNTRY":"IN", "PASSWORD":"zohocorp", "VALIDITY":"888", "VALIDITY_TYPE":"days", "ALG":"RSA", "LEN":"4096", "SIGALG":"SHA256", "StoreType":"PKCS12"}}}
Sample Response
{"name":"CreateCertificate","result":{"status":"Success","message":"CSR saved successfully"}}
18.2 Get CSR List
Description
To get a CSR list.
HTTPS Method
GET
Input Data
INPUT_DATA={"operation":{"Details":{"common_name":"testcsr"}}} (optional)
Note: Without INPUT_DATA all the CSR will be fetched. But with INPUT_DATA, the CSR matching the common_name criteria alone will be fetched.
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Sample Request
https://<HostName>:8282/api/pki/restapi/getCSRList
Sample Response
{ "name": "GetCSRList", "result": { "status": "Success", "message": "Fetched all CSRs successfully" }, "totalRows": 1, "details": [ { "CREATED_BY": "admin", "KEYALGORITHM": "RSA", "KEYSTORE_TYPE": "JKS", "isPassword": true, "CSR_ID": 1, "CREATED_DATE": "May 15, 2020 19:51", "LOGIN_ID": 301, "KEY_STRENGTH": 2048, "DOMAIN_NAME": "testcsr", "VALIDITY": "30", "SIGNATURE_ALGORITHM": "SHA256withRSA" } ] }
18.3 Import CSR
Description
To import the list of CSRs available in the request list.
URL
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/importCSR
HTTPS Method
POST
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
INPUT_DATA={"operation":{"Details":{"password":"Test@123","Email":"test@mail.com"}}}
Note: It is optional to provide the Key File. If the Key File is provided, the Password field is mandatory.
Sample Request
curl -X POST -k -H 'AUTHTOKEN:A3164150-4C15-4AA4-918E-F258F38149F8' 'https://Host-Name-of-PAM360-Server OR IP-Address:<Port>/api/pki/restapi/importCSR' -F 'CSR=@"/home/downloads/test.csr"' -F 'Key=@"/home/downloads/test.keystore"' -F 'INPUT_DATA={"operation":{"Details":{"password":"Test@123","Email":"pam-server@manageengine.com"}}}'
Sample Response
{
"result": {
"message": "CSR demo.test.com imported successfully.",
"status": "Success"
},
"name": "importCSR"
}
18.4 Sign CSR
Description
To sign a CSR.
HTTPS Method
POST
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
INPUT_DATA={"operation":{"Details":{"rootCertificateCommonName":"testroot","rootCertificateSerialNumber":"1879376424c","Validity":100,"isIntermediate":"true","CSR_ID":"301"}}}
or
INPUT_DATA={"operation":{"Details":{"signType":"signWithRoot","rootCertificateCommonName":"testroot","rootCertificateSerialNumber":"1879376424c","Validity":100,"isIntermediate":"true","CSR_ID":"301"}}}
Note: The 'signType' can be 'MSCA' or 'signWithRoot'. By default the 'signType' will be taken as 'MSCA'.
Sample Request
https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/signCSR
Sample Response
{
"result": {
"message": "Certificate csr successfully signed with test.",
"status": "Success"
},
"name": "SignCSR",
"details": [
{
"commonName": "test",
"Certificate_ID": 3301,
"serialNumber": "bd865c93"
}
]
}
19. PGP Keys
19.1 Fetch PGP Keys
(This API works from PAM360 build 6200 and above only)
Description
To fetch PGP Keys
HTTPS Method
GET
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
Input Data
The following data is to be passed as input:
- {"operation":{"Details":{"User":"test (test) <tes@test.com>","keyExportType":"public"}}}
- {"operation":{"Details":{"User":"test (test) <tes@test.com>","keyExportType":"private"}}}
Notes:
Sample Request
- https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getPGPKey?INPUT_DATA={"operation":{"Details":{"User":"test (test) <tes@test.com>","keyExportType":"public"}}}
- https://<Host-Name-of-PAM360-Server OR IP-Address>:<Port>/api/pki/restapi/getPGPKey?INPUT_DATA={"operation":{"Details":{"User":"test (test) <tes@test.com>","keyExportType":"private"}}}
Sample Response
Key file
20. Reports
Prerequisite:
The APIs in this section can be performed only if the Reports privilege is enabled for the user in Roles.
20.1 Fetch All Users Report
(This API works from PAM360 build 7500 and above only)
Description
To fetch the username and user ID of all the users available in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP-address>:<Port>/restapi/json/v1/reports/users
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName=<<org display name>>
HTTP Method
GET
Note: If the limit parameter is not specified, a default value of 100 will be applied. For instance, in an organization with 200 users, if you set the startIndex value to 100 without specifying a limit, the API response will return user details from position 101 to 200, effectively skipping the first 100 users. However, if you specify the limit as 50 along with the same startIndex value, the response will include user details from position 101 to 150.
Input Data
The following data need to be passed as input.
INPUT_DATA=
{
"operation": {
"Details": {
"limit": 3,
"startIndex": 1,
"searchValue": "johnson",
"searchColumn": "userId|userName",
"searchOperator": "contains|doesNotContain|equals|notEquals|startsWith|endsWith"
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "Users' details have been fetched successfully.",
"status": "Success",
"statusCode": 20000
},
"Details": [
{
"userName": "admin",
"userId": 1
},
{
"userName": "guest",
"userId": 2
},
{
"userName": "apiAdmin",
"userId": 301
}
],
"numberOfRowsFetched": 3,
"name": "GET_USER(S)_REPORT",
"totalRows": 3
}
}
20.2 Fetch All User Groups Report
(This API works from PAM360 build 7500 and above only)
Description
To fetch the user group name and user group ID of all the user groups available in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP-address>:<Port>/restapi/json/v1/reports/usergroups
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName=<<org display name>>
HTTPS Method
GET
Note: If the limit parameter is not specified, a default value of 100 will be applied. For instance, in an organization with 200 user groups, if you set the startIndex value to 100 without specifying a limit, the API response will return user group details from position 101 to 200, effectively skipping the first 100 user groups. However, if you specify the limit as 50 along with the same startIndex value, the response will include user group details from position 101 to 150.
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"limit": 3,
"startIndex": 1,
"searchValue": "admin",
"searchColumn": "userGroupId|userGroupName",
"searchOperator": "contains|doesNotContain|equals|notEquals|startsWith|endsWith"
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "User groups' details have been fetched successfully.",
"status": "Success",
"statusCode": 20000
},
"Details": [
{
"userGroupName": "admin",
"userGroupId": 1,
},
],
"operationName": "GET_USERGROUP(S)_REPORT",
"totalRows": 1,
"numberOfRowsFetched": 1
}
}
20.3 Fetch All Resources Report
(This API works from PAM360 build 7500 and above only)
Description
To fetch the resource name and resource ID of all the resources available in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP-address>:<Port>/restapi/json/v1/reports/resources
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName=<<org display name>>
HTTPS Method
GET
Note: If the limit parameter is not specified, a default value of 100 will be applied. For instance, in an organization with 200 resources, if you set the startIndex value to 100 without specifying a limit, the API response will return resource details from position 101 to 200, effectively skipping the first 100 resources. However, if you specify the limit as 50 along with the same startIndex value, the response will include resource details from position 101 to 150.
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"limit": 3,
"startIndex": 1,
"searchValue": "johnson",
"searchColumn": "resourceId|resourceName",
"searchOperator": "contains|doesNotContain|equals|notEquals|startsWith|endsWith"
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "Resource details list fetched successfully",
"status": "Success",
"statusCode": 20000
},
"Details": [
{
"resourceId": 1,
"resourceName": "pam360-os1.win.domain.com"
},
{
"resourceId": 2,
"resourceName": "Windows Server"
}
],
"numberOfRowsFetched": 2,
"name": "GET_RESOURCE(S)_REPORT",
"totalRows": 2
}
}
20.4 Fetch All Resource Groups Report
(This API works from PAM360 build 7500 and above only)
Description
To fetch the resource group name and resource group ID of all the resource groups available in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP-address>:<Port>/restapi/json/v1/reports/resourcegroups
Header
AUTHTOKEN=<<Authtoken_generated_from_PAM360>>
orgName=<<org display name>>
HTTPS Method
GET
Note: If the limit parameter is not specified, a default value of 100 will be applied. For instance, in an organization with 200 resource groups, if you set the startIndex value to 100 without specifying a limit, the API response will return resource group details from position 101 to 200, effectively skipping the first 100 resource groups. However, if you specify the limit as 50 along with the same startIndex value, the response will include resource group details from position 101 to 150.
Input Data
INPUT_DATA=
{
"operation": {
"Details": {
"limit": 3,
"startIndex": 1,
"searchValue": "johnson",
"searchColumn":"resourceGroupId|resourceGroupName",
"searchOperator": "contains|doesNotContain|equals|notEquals|startsWith|endsWith"
}
}
}
Sample Output
{
"operation": {
"result": {
"message": "Resource group list fetched successfully.",
"status": "Success",
"statusCode": 20000
},
"Details": [
{
"resourceGroupId": 1,
"resourceGroupName": "Default Group"
},
{
"resourceGroupId": 2,
"resourceGroupName": "Administrators"
},
{
"resourceGroupId": 301,
"resourceGroupName": "Windows Domains"
}
],
"numberOfRowsFetched": 3,
"name": "GET_RESOURCEGROUP(S)_REPORT",
"totalRows": 3
}
}