PAM360 REST APIs
PAM360 REST APIs enable seamless application-to-application integration by allowing external systems to securely connect with, interact with, and automate operations within PAM360. These APIs follow the Representational State Transfer (REST) architectural style and use standard HTTP methods to perform operations programmatically. With support for 120+ REST APIs, PAM360 exposes extensive functionality across resource management, account management, password operations, access control, user and group administration, certificate and key management, and more, making it suitable for enterprise-scale automation and orchestration.
Using PAM360 REST APIs, you can:
- Create and manage resources and accounts
- Add and manage SSL certificates and SSH keys
- Associate SSH keys with resources
- Retrieve passwords and resource/account details securely
- Update passwords programmatically
- Share resources and accounts with users or user groups
- Integrate PAM360 with third-party tools, scripts, and workflows
1. Prerequisites
To invoke any PAM360 API, you should have an API user account created in PAM360. If hostname validation is enabled for the API user account, PAM360 verifies the hostname of each incoming API request and processes the request only when the hostname matches the one configured for that API user account.
After creating the API user account, the API user should regenerate the authentication token either from the PAM360 UI or by using the Regenerate API before accessing the APIs. The AUTHTOKEN is unique to each API user account and is mandatory. It should be included in the request header to authenticate all PAM360 API requests.
2. HTTP Methods Supported
PAM360 REST APIs support the following HTTP methods:
- GET - Retrieve resources, accounts, passwords, details, etc.
- POST - Create new resources, accounts, associations, configurations, etc.
- PUT - Update existing entities, such as changing passwords, details, configurations, etc.
- DELETE - Remove resources, accounts, associations, or configurations from PAM360.
3. Invoking the APIs
All PAM360 REST APIs are invoked using standard HTTP requests with the following key requirements:
- Requests should be sent using GET, POST, or PUT
- Request parameters should be form-urlencoded
- The PAM360 authentication token should be included in the request header
4. Supported Format
Sample URL Structure
https://<PAM360-Host-Name-or-IP>:<Port>/restapi/json/v1/resources/<Resource_ID>/accounts/<Account_ID>
Sample Header
AUTHTOKEN=<Generated_PAM360_AUTHTOKEN>
5. API Organization and Documentation Structure
All PAM360 REST APIs are clearly categorized by module and CRUD operations, making them easy to discover and consume. As shown in the navigation menu, APIs are grouped under logical sections such as:
- Authentication and Security
- Resource Management
- Resource Group Management
- Account Management
- Password Management
- Access Control
- User Management
- User Group Management
- SSH and PGP Keys
- SSL Certificates
Each API section provides:
- Clear endpoint definitions
- Descriptive input parameters
- Sample requests using cURL, Python, and PowerShell
- Detailed response examples
6. Common Error Codes and Solutions
1. Authentication Error - 40018
{"operation" : {"result" : {"message" : "API key received is not associated to any user. Authentication failed.", "status" : "Failed", "statusCode" : 40018}, "name" : "Authentication"}}
Cause : The AUTHTOKEN provided in the request is invalid or not associated with any API user account.
Solution : Ensure that a valid AUTHTOKEN is passed in the request header. If the issue persists, contact your PAM360 administrator.
2. Authentication Error - 40030
{"operation" : {"result" : {"message" : "User is not allowed to access from this host", "status" : "Failed", "statusCode" : 40030}, "name" : "Authentication"}}
Cause : The API request originated from a host that does not match the hostname configured for the API user in PAM360.
Solution : Trigger the API request from the configured host machine or update the allowed host settings in PAM360. Contact your administrator if required.
3. Authentication Error - 40035
{"operation" : {"result" : {"message" : "Regenerate your authentication token using the authentication token regeneration API to use the subsequent PAM360 APIs.", "status" : "Failed", "statusCode" : 40035}, "name" : "Authentication"}}
Cause : Authentication failed because the AUTHTOKEN has not been generated or regenerated after creating the API user account. PAM360 does not allow API access until a valid, regenerated token is in use.
Solution : Regenerate the AUTHTOKEN using the Authentication Token Regenerate API, or regenerate it from the PAM360 UI, and include the new token in the request header for all subsequent API calls.
4. Authentication Error - 40003
{"operation" : {"result" : {"message" : "Unauthorized Access - You are not allowed to perform this operation. This incident will be audited.", "status" : "Failed", "statusCode" : 40003}, "name" : "SHARE_RESOURCE(S)"}}
Cause : The operation failed because the user does not have the necessary role-based permissions to perform this action.
Solution : Request the appropriate permissions from your IT administrator. Ensure that your user role is updated with the required access rights to execute the operation. Once the permissions are granted, retry the operation.
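The following Python sketch ties sections 4 and 6 together: it builds a request for the sample URL structure with the AUTHTOKEN in a header, and turns a failed response body into an exception carrying the status code and its cause. It is an added example, not code from the PAM360 documentation; the host name, port, environment variable name, helper names and the rule that any status other than "Failed" counts as success are assumptions.

```python
import json
import os
import urllib.request

# Status codes and causes as listed in section 6 of this page.
AUTH_ERRORS = {
    40018: "AUTHTOKEN invalid or not associated with any API user account",
    40030: "request host does not match the host configured for the API user",
    40035: "AUTHTOKEN not regenerated since the API user account was created",
    40003: "API user lacks the role-based permission for this operation",
}

class PAM360Error(Exception):
    """Hypothetical exception type for a response whose status is Failed."""
    def __init__(self, code, operation, message):
        super().__init__(f"{operation} failed with {code}: {message}")
        self.code, self.operation = code, operation
        self.cause = AUTH_ERRORS.get(code, "status code not listed on this page")

def build_request(host, port, resource_id, account_id, token):
    """Build (without sending) a GET for the sample URL structure in section 4."""
    url = (f"https://{host}:{port}/restapi/json/v1/resources/"
           f"{resource_id}/accounts/{account_id}")
    # The token goes in a header, never in the URL, so it stays out of
    # proxy and web-server access logs.
    return urllib.request.Request(url, headers={"AUTHTOKEN": token}, method="GET")

def check_response(body):
    """Return the parsed operation object, or raise PAM360Error on failure."""
    op = json.loads(body)["operation"]
    result = op["result"]
    if result.get("status") == "Failed":
        raise PAM360Error(result.get("statusCode"), op.get("name"),
                          result.get("message"))
    return op

# Constructed sample input: the 40030 response body quoted in section 6.
SAMPLE_40030 = ('{"operation" : {"result" : {"message" : "User is not allowed '
                'to access from this host", "status" : "Failed", '
                '"statusCode" : 40030}, "name" : "Authentication"}}')

if __name__ == "__main__":
    # Read the token from the environment rather than hard-coding it.
    req = build_request("pam360.example.internal", 8282, 1, 2,
                        os.environ.get("PAM360_AUTHTOKEN", "<AUTHTOKEN>"))
    print(req.get_method(), req.full_url)
    try:
        check_response(SAMPLE_40030)
    except PAM360Error as err:
        print(err.code, "-", err.cause)
```

Alerting on 40018, 40030 and 40003 responses per API user account is a cheap way to spot a leaked or misused token, since each one means a request arrived with a bad token, from an unexpected host, or outside the account's role.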