Tenable.sc API: Credential

 



/credential

Methods
GET

Gets the list of Credentials.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

NOTE: 'typeFields' returns type-specific parameters inside of a 'typeFields." It does not consider authType, privilegeEscalation, or dbType. If requested, typeFields returns as follows:

type"database": login, password, sid, port, authType, dbType, oracleAuthType, oracle_service_type, source, csv_file, SQLServerAuthType, vault_host, vault_port, vault_username, vault_password, vault_cyberark_url, vault_safe, vault_app_id, vault_folder, vault_use_ssl, vault_verify_ssl, vault_address, vault_account_name, vault_cyberark_client_cert, vault_cyberark_private_key, vault_cyberark_private_key_passphrase, lieberman_host, lieberman_port, lieberman_pam_user, lieberman_pam_password, lieberman_use_ssl, lieberman_verify_ssl, lieberman_system_name, hashicorp_hosthashicorp_port, hashicorp_authentication_type, hashicorp_role_id, hashicorp_role_secret_idhashicorp_client_certhashicorp_private_keyhashicorp_private_key_passphrasehashicorp_auth_url, hashicorp_namespace, hashicorp_kv_url, hashicorp_username_source, hashicorp_userkey, hashicorp_passkey, hashicorp_secret, hashicorp_use_ssl, hashicorp_verify_ssl, hashicorp_vault_type,sybase_ase_auth_type

type"ssh": authType, username, password, publicKey, privateKey, passphrase, kdc_ip, kdc_port, kdc_protocol, kdc_realm, vault_host, vault_port, vault_username, vault_password, vault_cyberark_url, vault_safe, vault_app_id, vault_folder, vault_use_ssl, vault_verify_ssl, vault_address, vault_account_name, vault_cyberark_client_cert, vault_cyberark_private_key, vault_cyberark_private_key_passphrase, thycotic_secret_name, thycotic_url, thycotic_username, thycotic_password, thycotic_organization, thycotic_domain, thycotic_private_key, thycotic_ssl_verify, privilegeEscalation, escalationUsername, escalationPassword, escalationSuUser, escalationPath, lieberman_host, lieberman_port, lieberman_pam_user, lieberman_pam_password, lieberman_use_ssl, lieberman_verify_ssl, beyondtrust_host, beyondtrust_port, beyondtrust_api_key, beyondtrust_duration, beyondtrust_use_ssl, beyondtrust_verify_ssl, beyondtrust_use_private_key, beyondtrust_use_escalation, beyondtrust_api_user, hashicorp_hosthashicorp_port, hashicorp_authentication_type, hashicorp_role_id, hashicorp_role_secret_idhashicorp_client_certhashicorp_private_keyhashicorp_private_key_passphrasehashicorp_auth_url, hashicorp_namespace, hashicorp_kv_url, hashicorp_username_source, hashicorp_userkey, hashicorp_passkey, hashicorp_secret, hashicorp_use_ssl, hashicorp_verify_ssl, pam_host, pam_port, pam_api_user, pam_api_key, pam_auth_url, pam_query_url, pam_engine_url, pam_namespace, pam_duration, pam_use_ssl, pam_verify_ssl, hashicorp_vault_type

type"snmp": communityString
type"windows": authType, username, password, domain, kdc_ip, kdc_port, kdc_protocol, vault_host, vault_port, vault_username, vault_password, vault_cyberark_url, vault_safe, vault_app_id, vault_folder, vault_use_ssl, vault_verify_ssl, thycotic_secret_name, thycotic_url, vault_account_name, vault_cyberark_client_cert, vault_cyberark_private_key, vault_cyberark_private_key_passphrase, thycotic_username, thycotic_password, thycotic_organization, thycotic_domain, thycotic_ssl_verify, lieberman_host, lieberman_port, lieberman_pam_user, lieberman_pam_password, lieberman_use_ssl, lieberman_verify_ssl, beyondtrust_host, beyondtrust_port, beyondtrust_api_key, beyondtrust_duration, beyondtrust_use_ssl, beyondtrust_verify_ssl, beyondtrust_api_user, hashicorp_hosthashicorp_port, hashicorp_authentication_type, hashicorp_role_id, hashicorp_role_secret_idhashicorp_client_certhashicorp_private_keyhashicorp_private_key_passphrasehashicorp_auth_url, hashicorp_namespace, hashicorp_kv_url, hashicorp_username_source, hashicorp_userkey, hashicorp_passkey, hashicorp_secret, hashicorp_use_ssl, hashicorp_verify_ssl, pam_host, pam_port, pam_api_user, pam_api_key, pam_auth_url, pam_query_url, pam_engine_url, pam_namespace, pam_duration, pam_use_ssl, pam_verify_ssl, hashicorp_vault_type

type"apiGateway": authType,datapower_client_cert, datapower_private_key, datapower_private_key_passphrase, datapower_enable_hashicorp, datapower_custom_header_key, datapower_custom_header_value

Allowed Fields

*id
**name
**description
**type
creator
target
groups

typeFields
tags
createdTime
modifiedTime
canUse
canManage 

Session user role not "1" (Administrator)

owner
ownerGroup
targetGroup

Legend

* = always comes back

** = comes back if fields list not specified on GET all

Request Parameters

None

Filter Parameters

usable - The response will be an object containing an array of usable Credentials. By default, both usable and manageable objects are returned.
manageable - The response will be an object containing all manageable Credentials. By default, both usable and manageable objects are returned.

Example Response
Expand
{
	"type" : "regular",
	"response" : {
		"usable" : [
			{
				"id" : "1000001",
				"name" : "Test",
				"description" : "",
				"type" : "ssh"
			},
			{
				"id" : "1000002",
				"name" : "test",
				"description" : "",
				"type" : "ssh"
			}
		],
		"manageable" : [
			{
				"id" : "1000001",
				"name" : "Test",
				"description" : "",
				"type" : "ssh"
			},
			{
				"id" : "1000002",
				"name" : "test",
				"description" : "",
				"type" : "ssh"
			}
		]
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1408719365
}

 

POST

Adds a Credential.

Request Parameters
Expand
{
	"name" : <string>,
	"tags" : <string> DEFAULT "",
	"description" : <string> DEFAULT "",
	"type" : <string> "apiGateway" | "database" | "windows" | "snmp" | "ssh"
	...
}

type is "database"

{
	...
	"login" : <string>,	
	"sid" : <string> DEFAULT "",
	"authType" : <string> "cyberark" | "Hashicorp" | "lieberman" | "password",
	"dbType" : <string> "Oracle" | "SQL Server" | "DB2" | "MySQL" | "PostgreSQL" | "Informix/DRDA" | "Sybase ASE" | "Apache Cassandra",
	"port" : <string> (valid port number),

	authType "password"
	-------------------
	"password" : <string>,
	
	authType "cyberark"
	-------------------
	"vault_host" : <string> (valid IP or IP host),
	"vault_port" : <string> (valid port number),
	"vault_username" : <string> DEFAULT "",
	"vault_password" : <string> DEFAULT "",
	"vault_cyberark_url" : <string> DEFAULT "",
	"vault_safe" : <string>,
	"vault_app_id" : <string>,
	"vault_policy_id" : <string> DEFAULT "",
	"vault_folder" : <string>,
	"vault_use_ssl" : <string> "false" | "true",
	"vault_verify_ssl" : <string> "false" | "true",
	"vault_address" : <string> DEFAULT "",
	"vault_account_name" : <string>,
	"vault_cyberark_client_cert" : <string>,
	"vault_cyberark_private_key" : <string>,
	"vault_cyberark_private_key_passphrase" : <string>,
	"dbType" : <string>,

	authType "Hashicorp"
	--------------------
	"hashicorp_host" : <string> (valid IP or IP host),
	"hashicorp_port" : <string> (valid port number),
	"hashicorp_authentication_type" : <string> "App Role" | "Certificates",
	"hashicorp_role_id" : <string>,
	"hashicorp_role_secret_id" : <string>,
	"hashicorp_client_cert" : <string>,
	"hashicorp_private_key" : <string>,
	"hashicorp_private_key_passphrase" : <string>,
	"hashicorp_auth_url" : <string>,
	"hashicorp_namespace" : <string>,
	"hashicorp_kv_url" : <string>,
	"hashicorp_username_source" : <string> "Hashicorp Vault" | "Manual Entry",
	"hashicorp_userkey" : <string>,
	"hashicorp_passkey" : <string>,
	"hashicorp_secret" : <string>,
	"hashicorp_use_ssl" : <string> "false" | "true",
	"hashicorp_verify_ssl" : <string> "false" | "true",
	"hashicorp_vault_type" : <string> "KV1" | "KV2" | "AD",

	authType "lieberman"
	--------------------
	"lieberman_host" : <string> (valid IP or IP host),
	"lieberman_port" : <string> (valid port number),
	"lieberman_pam_user" : <string> DEFAULT "",
	"lieberman_pam_password" : <string> DEFAULT "",
	"lieberman_use_ssl" : <string> "false" | "true",
	"lieberman_verify_ssl" : <string> "false" | "true",
	"lieberman_system_name" : <string>,
	
	dbType "Oracle"
	---------------
	"OracleAuthType" : <string>,
	"oracle_service_type" : <string>,
	"source" : <string>,
	
    dbType "Oracle" and source "Import"
    -----------------------------------
    "csv_file" : <string>,

    dbType "DB2"
    ------------
    "source" : <string> "Entry" | "Import",
 
    dbType "DB2" and source "Import"
    --------------------------------
    "csv_file" : <string>,
 
    dbType "MySQL"
    --------------
    "source" : <string> "Entry" | "Import",
 
    dbType "MySQL" and source "Import"
    ----------------------------------
    "csv_file" : <string>,

	dbType "SQL Server"
	-------------------
	"SQLServerAuthType" : <string>,
	"source" : <string> "Entry" | "Import",

    dbType "SQL Server" and source "Import"
    ---------------------------------------
    "csv_file" : <string>,

	dbType "Sybase ASE"
	-------------------
	"sybase_ase_auth_type" : <string> "RSA" | "Plain Text"

}

type is "ssh"

{
	...
	"username" : <string>,
	"authType" : <string> "BeyondTrust" | "Centrify" | "certificate" | "cyberark" | "Hashicorp" | "kerberos" | "lieberman" | "password" | "publickey" | "thycotic",
	
	authType "Arcon"
	----------------
	"pam_host" : <string> (valid IP or IP host),
	"pam_port" : <string> (valid port number),
	"pam_api_user" : <string>,
	"pam_api_key" : <string>,
	"pam_auth_url" : <string>,
	"pam_query_url" : <string>,
	"pam_engine_url" : <string>,
	"pam_namespace" : <string>,
	"pam_duration" : <string>,
	"pam_use_ssl" : <string> "no" | "yes",
	"pam_verify_ssl" : <string> "no" | "yes"

	authType "BeyondTrust"
	----------------------
	"beyondtrust_host" : <string> (valid IP or IP host),
	"beyondtrust_port" : <string> (valid port number),
	"beyondtrust_api_key" : <string>,
	"beyondtrust_duration" : <string>,
	"beyondtrust_use_ssl" : <string> "no" | "yes",
	"beyondtrust_verify_ssl" : <string> "no" | "yes",
	"beyondtrust_use_private_key" : <string> "no" | "yes",
	"beyondtrust_use_escalation" : <string> "no" | "yes",
	"beyondtrust_api_user" : <string>,

	authType "Centrify"
	----------------
	"pam_host" : <string> (valid IP or IP host),
	"pam_port" : <string> (valid port number),
	"pam_api_user" : <string>,
	"pam_api_key" : <string>,
	"pam_namespace" : <string>,
	"pam_auth_url" : <string>,
	"pam_query_url" : <string>,
	"pam_engine_url" : <string>,
	"username" : <string>,
	"pam_duration" : <string>,
	"pam_use_ssl" : <string> "no" | "yes",
	"pam_verify_ssl" : <string> "no" | "yes"
	
	authType "certificate"
	----------------------
	"publicKey" : <string>,
	"privateKey" : <string>,
	"passphrase" : <string> DEFAULT "",
	"privilegeEscalation" : <string> "none" | "su" | "sudo" | "su+sudo" | "dzdo" | "pbrun" | "cisco" | ".k5login",
	
	authType "cyberark"
	-------------------
	"vault_host" : <string> (valid IP or IP host),
	"vault_port" : <string> (valid port number),
	"vault_username" : <string> DEFAULT "",
	"vault_password" : <string> DEFAULT "",
	"vault_cyberark_url" : <string> DEFAULT "",
	"vault_safe" : <string>,
	"vault_app_id" : <string>,
	"vault_policy_id" : <string> DEFAULT "",
	"vault_folder" : <string>,
	"vault_use_ssl" : <string> "false" | "true",
	"vault_verify_ssl" : <string> "false" | "true",
	"vault_address" : <string> DEFAULT "",
	"vault_account_name" : <string>,
	"vault_cyberark_client_cert" : <string>,
	"vault_cyberark_private_key" : <string>,
	"vault_cyberark_private_key_passphrase" : <string>,
	"privilegeEscalation" : <string> "none" | "su" | "sudo" | "su+sudo" | "dzdo" | "pbrun" | "cisco" | ".k5login",

	authType "Hashicorp"
	--------------------
	"hashicorp_host" : <string> (valid IP or IP host),
	"hashicorp_port" : <string> (valid port number),
	"hashicorp_authentication_type" : <string> "App Role" | "Certificates",
	"hashicorp_role_id" : <string>,
	"hashicorp_role_secret_id" : <string>,
	"hashicorp_client_cert" : <string>,
	"hashicorp_private_key" : <string>,
	"hashicorp_private_key_passphrase" : <string>,
	"hashicorp_auth_url" : <string>,
	"hashicorp_namespace" : <string>,
	"hashicorp_kv_url" : <string>,
	"hashicorp_username_source" : <string> "Hashicorp Vault" | "Manual Entry",
	"hashicorp_userkey" : <string>,
	"hashicorp_passkey" : <string>,
	"hashicorp_secret" : <string>,
	"hashicorp_use_ssl" : <string> "false" | "true",
	"hashicorp_verify_ssl" : <string> "false" | "true",
	"hashicorp_vault_type" : <string> "KV1" | "KV2" | "AD"
	
	authType "kerberos"
	-------------------
	"password" : <string>,
	"kdc_ip" : <string> (valid IP address),
	"kdc_port" : <string> (valid port number),
	"kdc_protocol" : <string>,
	"kdc_realm" : <string>,
	"privilegeEscalation" : <string> "none" | "su" | "sudo" | "su+sudo" | "dzdo" | "pbrun" | "cisco" | ".k5login",

	authType "lieberman"
	--------------------
	"lieberman_host" : <string> (valid IP or IP host),
	"lieberman_port" : <string> (valid port number),
	"lieberman_pam_user" : <string> DEFAULT "",
	"lieberman_pam_password" : <string> DEFAULT "",
	"lieberman_use_ssl" : <string> "false" | "true",
	"lieberman_verify_ssl" : <string> "false" | "true",
	
	authType "password"
	-------------------
	"password" : <string>,
	"privilegeEscalation" : <string> "none" | "su" | "sudo" | "su+sudo" | "dzdo" | "pbrun" | "cisco" | ".k5login",
	
	authType "publickey"
	--------------------
	"privateKey" : <string>,
	"passphrase" : <string> DEFAULT "",
	"privilegeEscalation" : <string> "none" | "su" | "sudo" | "su+sudo" | "dzdo" | "pbrun" | "cisco" | ".k5login",
	
	authType "thycotic"
	-------------------
	"thycotic_secret_name" : <string>,
	"thycotic_url" : <string>,
	"thycotic_username" : <string>,
	"thycotic_password" : <string>,
	"thycotic_organization" : <string> DEFAULT "",
	"thycotic_domain" : <string> DEFAULT "",
	"thycotic_private_key " : <string> "no" | "yes",
	"thycotic_ssl_verify" : <string> "no" | "yes",
	"privilegeEscalation" : <string> "none" | "su" | "sudo" | "su+sudo" | "dzdo" | "pbrun" | "cisco" | ".k5login",
	
	privilegeEscalation ".k5login" and authType not "cyberark"
	----------------------------------------------------------
	"escalationUsername" : <string>

	privilegeEscalation ".k5login" and authType "cyberark"
	------------------------------------------------------
	"escalationPassword" : <string>
	
	privilegeEscalation "cisco" and authType not "thycotic"
	-------------------------------------------------------
	"escalationPassword" : <string>

	privilegeEscalation "cisco" and authType "thycotic"
	---------------------------------------------------
	"escalationUsername" : <string>
	
	privilegeEscalation "dzdo" and authType not "thycotic"
	-----------------------------------------------------
	"escalationUsername" : <string> DEFAULT "",
	"escalationPassword" : <string> DEFAULT "",
	"escalationPath" : <string> DEFAULT ""
	
	privilegeEscalation "dzdo" and authType "thycotic"
	--------------------------------------------------
	"escalationUsername" : <string>, DEFAULT "",
	"escalationPath" : <string> DEFAULT ""
	
	privilegeEscalation "pbrun" and authType not "thycotic"
	-------------------------------------------------------
	"escalationPassword" : <string>,
	"escalationPath" : <string> DEFAULT ""

	privilegeEscalation "pbrun" and authType "thycotic"
	---------------------------------------------------
	"escalationUsername" : <string>,
	"escalationPath" : <string> DEFAULT ""
	
	privilegeEscalation "su+sudo" and authType not "thycotic"
	---------------------------------------------------------
	"escalationSuUser" : <string>,
	"escalationUsername" : <string> DEFAULT "",
	"escalationPassword" : <string> DEFAULT "",
	"escalationPath" : <string> DEFAULT ""

	privilegeEscalation "su+sudo" and authType "thycotic"
	-----------------------------------------------------
	"escalationSuUser" : <string>,
	"escalationUsername" : <string> DEFAULT "",
	"escalationPassword" : <string> DEFAULT "",
	"escalationPath" : <string> DEFAULT ""
	
	privilegeEscalation "su" | "sudo" and authType not "thycotic"
	-------------------------------------------------------------
	"escalationUsername" : <string> DEFAULT "",
	"escalationPassword" : <string> DEFAULT "",
	"escalationPath" : <string> DEFAULT ""

	privilegeEscalation "su" | "sudo" and authType "thycotic"
	-------------------------------------------------------------
	"escalationUsername" : <string> DEFAULT "",
	"escalationPath" : <string> DEFAULT ""
}

type is "snmp"

{
	...
	"communityString" : <string>
}

type is "windows"

{
	...
	"username" : <string>,
	"authType" : <string> "BeyondTrust" | "Centrify" | "cyberark" | "Hashicorp" | "kerberos" | "lieberman" | "lm" | "ntlm" | "password" | "thycotic",

	authType "Arcon"
	----------------
	"pam_host" : <string> (valid IP or IP host),
	"pam_port" : <string> (valid port number),
	"pam_api_user" : <string>,
	"pam_api_key" : <string>,
	"pam_auth_url" : <string>,
	"pam_query_url" : <string>,
	"pam_engine_url" : <string>,
	"pam_namespace" : <string>,
	"pam_duration" : <string>,
	"pam_use_ssl" : <string> "no" | "yes",
	"pam_verify_ssl" : <string> "no" | "yes"

	authType "BeyondTrust"
	----------------------
	"domain" : <string> DEFAULT "",
	"beyondtrust_host" : <string> (valid IP or IP host),
	"beyondtrust_port" : <string> (valid port number),
	"beyondtrust_api_key" : <string>,
	"beyondtrust_duration" : <string>,
	"beyondtrust_use_ssl" : <string> "no" | "yes",
	"beyondtrust_verify_ssl" : <string> "no" | "yes",
	"beyondtrust_api_user" : <string>

	authType "Centrify"
	----------------
	"pam_host" : <string> (valid IP or IP host),
	"pam_port" : <string> (valid port number),
	"pam_api_user" : <string>,
	"pam_api_key" : <string>,
	"pam_namespace" : <string>,
	"pam_auth_url" : <string>,
	"pam_query_url" : <string>,
	"pam_engine_url" : <string>,
	"username" : <string>,
	"pam_duration" : <string>,
	"pam_use_ssl" : <string> "no" | "yes",
	"pam_verify_ssl" : <string> "no" | "yes"
	
	authType "cyberark"
	-------------------
	"domain" : <string> DEFAULT "",
	"vault_host" : <string> (valid IP or IP host),
	"vault_port" : <string> (valid port number),
	"vault_username" : <string> DEFAULT "",
	"vault_password" : <string> DEFAULT "",
	"vault_cyberark_url" : <string> DEFAULT "",
	"vault_safe" : <string>,
	"vault_app_id" : <string>,
	"vault_policy_id" : <string> DEFAULT "",
	"vault_folder" : <string>,
	"vault_use_ssl" : <string>,
	"vault_verify_ssl" : <string>,
	"vault_account_name" : <string>,
	"vault_cyberark_client_cert" : <string>,
	"vault_cyberark_private_key" : <string>,
	"vault_cyberark_private_key_passphrase" : <string>

	authType "Hashicorp"
	--------------------
	"hashicorp_host" : <string> (valid IP or IP host),
	"hashicorp_port" : <string> (valid port number),
	"hashicorp_authentication_type" : <string> "App Role" | "Certificates",
	"hashicorp_role_id" : <string>,
	"hashicorp_role_secret_id" : <string>,
	"hashicorp_client_cert" : <string>,
	"hashicorp_private_key" : <string>,
	"hashicorp_private_key_passphrase" : <string>,
	"hashicorp_auth_url" : <string>,
	"hashicorp_namespace" : <string>,
	"hashicorp_kv_url" : <string>,
	"hashicorp_username_source" : <string> "Hashicorp Vault" | "Manual Entry",
	"hashicorp_userkey" : <string>,
	"hashicorp_passkey" : <string>,
	"hashicorp_secret" : <string>,
	"hashicorp_use_ssl" : <string> "false" | "true",
	"hashicorp_verify_ssl" : <string> "false" | "true",
	"hashicorp_vault_type" : <string> "KV1" | "KV2" | "AD"

	authType "kerberos"
	-------------------
	"password" : <string>,
	"kdc_ip" : <string> (valid IP address),
	"kdc_port" : <string> (valid port number),
	"kdc_protocol" : <string>,
	"kdc_realm" : <string>

	authType "lieberman"
	--------------------
	"lieberman_host" : <string> (valid IP or IP host),
	"lieberman_port" : <string> (valid port number),
	"lieberman_pam_user" : <string> DEFAULT "",
	"lieberman_pam_password" : <string> DEFAULT "",
	"lieberman_use_ssl" : <string> "false" | "true",
	"lieberman_verify_ssl" : <string> "false" | "true"
	
	authType "lm" | "ntlm" | "password"
	-----------------------------------
	"password" : <string>,
	"domain" : <string> DEFAULT ""
	
	authType "thycotic"
	-------------------
	"domain" : <string> DEFAULT "",
	"thycotic_secret_name" : <string>,
	"thycotic_url" : <string>,
	"thycotic_username" : <string>,
	"thycotic_password" : <string>,
	"thycotic_organization" : <string> DEFAULT "",
	"thycotic_domain" : <string> DEFAULT "",
	"thycotic_ssl_verify" : <string> "no" | "yes",
	"privilegeEscalation" : <string> "none" DEFAULT "none"
}

type is "apiGateway"

{
	...
	"authType" : <string> "ibmDPGateway",

	authType "ibmDPGateway"
	----------------
	"datapower_client_cert" : <string>,
	"datapower_custom_header_key" : <string>,
	"datapower_custom_header_value" : <string>,
	"datapower_enable_hashicorp" : <string> "no" | "yes" DEFAULT "yes",
	"datapower_private_key" : <string>,
	"datapower_private_key_passphrase" : <string>
}



Example Response
Expand
{
	"type" : "regular",
	"response" : {
		"id" : "1000009",
		"type" : "database",
		"name" : "'database' Test PATCH",
		"description" : "Manually inputted in data for use in testing",
		"tags" : "",
		"createdTime" : "1433187223",
		"modifiedTime" : "1433265608",
		"typeFields" : {
			"login" : "test",
			"password" : "SET",
			"sid" : "",
			"port" : "49",
			"dbType" : "Oracle",
			"oracleAuthType" : "test",
			"SQLServerAuthType" : ""
		},
		"groups" : [],
		"canUse" : "true",
		"canManage" : "true",
		"creator" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : ""
		},
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : ""
		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		},
		"targetGroup" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		}
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1433279057
}

/credential/{id}

Methods
GET

Gets the Credential associated with {id}.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

NOTE: 'typeFields' returns type-specific parameters inside of a 'typeFields." It does not consider authType, privilegeEscalation, or dbType. If requested, typeFields returns as follows:

type"database": login, password, sid, port, dbType, oracleAuthType, oracle_service_type, SQLServerAuthType, vault_host, vault_port, vault_username, vault_password, vault_cyberark_url, vault_safe, vault_app_id, vault_folder, vault_use_ssl, vault_verify_ssl, vault_address, vault_account_name, vault_cyberark_client_cert, vault_cyberark_private_key, vault_cyberark_private_key_passphrase, lieberman_host, lieberman_port, lieberman_pam_user, lieberman_pam_password, lieberman_use_ssl, lieberman_verify_ssl, lieberman_system_name, hashicorp_hosthashicorp_port, hashicorp_authentication_type, hashicorp_role_id, hashicorp_role_secret_idhashicorp_client_certhashicorp_private_keyhashicorp_private_key_passphrasehashicorp_auth_url, hashicorp_namespace, hashicorp_kv_url, hashicorp_username_source, hashicorp_userkey, hashicorp_passkey, hashicorp_secret, hashicorp_use_ssl, hashicorp_verify_ssl, hashicorp_vault_type,sybase_ase_auth_type
type"ssh": 
authType, username, password, publicKey, privateKey, passphrase, kdc_ip, kdc_port, kdc_protocol, kdc_realm, vault_host, vault_port, vault_username, vault_password, vault_cyberark_url, vault_safe, vault_app_id, vault_folder, vault_use_ssl, vault_verify_ssl, vault_address, vault_account_name, vault_cyberark_client_cert, vault_cyberark_private_key, vault_cyberark_private_key_passphrase, thycotic_secret_name, thycotic_url, thycotic_username, thycotic_password, thycotic_organization, thycotic_domain, thycotic_private_key, thycotic_ssl_verify, privilegeEscalation, escalationUsername, escalationPassword, escalationSuUser, escalationPath, lieberman_host, lieberman_port, lieberman_pam_user, lieberman_pam_password, lieberman_use_ssl, lieberman_verify_ssl, beyondtrust_host, beyondtrust_port, beyondtrust_api_key, beyondtrust_duration, beyondtrust_use_ssl, beyondtrust_verify_ssl, beyondtrust_use_private_key, beyondtrust_use_escalation, beyondtrust_api_user, hashicorp_hosthashicorp_port, hashicorp_authentication_type, hashicorp_role_id, hashicorp_role_secret_idhashicorp_client_certhashicorp_private_keyhashicorp_private_key_passphrasehashicorp_auth_url, hashicorp_namespace, hashicorp_kv_url, hashicorp_username_source, hashicorp_userkey, hashicorp_passkey, hashicorp_secret, hashicorp_use_ssl, hashicorp_verify_ssl, pam_host, pam_port, pam_api_user, pam_api_key, pam_auth_url, pam_query_url, pam_engine_url, pam_namespace, pam_duration, pam_use_ssl, pam_verify_ssl, hashicorp_vault_type
type"snmp": communityString
type"windows": authType, username, password, domain, kdc_ip, kdc_port, kdc_protocol, vault_host, vault_port, vault_username, vault_password, vault_cyberark_url, vault_safe, vault_app_id, vault_folder, vault_use_ssl, vault_verify_ssl, thycotic_secret_name, thycotic_url, vault_account_name, vault_cyberark_client_cert, vault_cyberark_private_key, vault_cyberark_private_key_passphrase, thycotic_username, thycotic_password, thycotic_organization, thycotic_domain, thycotic_ssl_verify, lieberman_host, lieberman_port, lieberman_pam_user, lieberman_pam_password, lieberman_use_ssl, lieberman_verify_ssl, beyondtrust_host, beyondtrust_port, beyondtrust_api_key, beyondtrust_duration, beyondtrust_use_ssl, beyondtrust_verify_ssl, beyondtrust_api_user, hashicorp_hosthashicorp_port, hashicorp_authentication_type, hashicorp_role_id, hashicorp_role_secret_idhashicorp_client_certhashicorp_private_keyhashicorp_private_key_passphrasehashicorp_auth_url, hashicorp_namespace, hashicorp_kv_url, hashicorp_username_source, hashicorp_userkey, hashicorp_passkey, hashicorp_secret, hashicorp_use_ssl, hashicorp_verify_ssl, pam_host, pam_port, pam_api_user, pam_api_key, pam_auth_url, pam_query_url, pam_engine_url, pam_namespace, pam_duration, pam_use_ssl, pam_verify_ssl, hashicorp_vault_type

type"apiGateway": authTypedatapower_client_cert, datapower_private_key, datapower_private_key_passphrase, datapower_enable_hashicorp, datapower_custom_header_key, datapower_custom_header_value

Allowed Fields

*id

Allowed Fields

*id
**name
**description
**type
creator
groups

target
typeFields
tags
createdTime
modifiedTime
canUse
canManage

Session user role not "1" (Administrator)

owner
ownerGroup
targetGroup

Legend

* = always comes back

** = comes back if fields list not specified on GET all

Request Parameters

None

Example Response
Expand
{
	"type" : "regular",
	"response" : {
		"id" : "1000009",
		"type" : "database",
		"name" : "'database' Test PATCH",192.168.1.14
		"description" : "Manually inputted in data for use in testing",
		"tags" : "",
		"createdTime" : "1433187223",
		"modifiedTime" : "1433265608",
		"typeFields" : {
			"login" : "test",
			"password" : "SET",
			"sid" : "",
			"port" : "49",
			"dbType" : "Oracle",
			"oracleAuthType" : "test",
			"SQLServerAuthType" : ""
		},
		"groups" : [],
		"canUse" : "true",
		"canManage" : "true",
		"creator" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : ""
		},
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : ""
		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		},
		"targetGroup" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		}
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1433279057
}

PATCH

Edits the Credential associated with {id}, changing only the passed in fields.

Request Parameters

Note #1: A Credential's 'type' parameter may not be modified, but 'authType' may be modified.

Note #2: When a Credential's authType, dbType, or privilegeEscalation parameters are modified, the parameters that no longer apply will be cleared by default.

Parameters that still may apply, however, are maintained by default. Either may be passed to override default, though fields that no longer apply would give an error.

i.e. If privilegeEscalation is modified from 'su' to 'cisco', the 'escalationPassword' parameter applies and will be maintained. The escalationUsername and escalationPath parameters no longer apply, however, and will be cleared.

Note #3: When a password field is saved, the response will be a string "SET". During PATCH, however, "SET" should not be passed back, or it will be considered to be the new password.

(All fields are optional)

See /credential::POST for parameters.

Example Response
See /credential/{id}::GET

DELETE

Deletes the Credential associated with {id}, depending on access and permissions.

Request Parameters

None

Example Response
Expand
{
	"type" : "regular",
	"response" : "",
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1408723358
}

/credential/{id}/share

Methods
POST

Shares the Credential associated with {id}, depending on access and permissions.

Note: Admin users cannot share credentials. Application credentials cannot be shared.

Request Parameters
Expand
{
	"groups" : [
		{
			"id" : <number>
		}...
	]
}
Example Response
Expand
{
	"type" : "regular",
	"response" : {
		"id" : "1000002",
		"creatorID" : "1",
		"ownerID" : "1",
		"type" : "kerberos",
		"name" : "test",
		"description" : "",
		"tags" : "",
		"createdTime" : "1407871560",
		"modifiedTime" : "1407871560",
		"ownerGID" : "0",
		"targetGID" : "-1",
		"ip" : "192.168.1.1",
		"port" : "1",
		"protocol" : "stuff",
		"realm" : "stuff",
		"canUse" : "true",
		"canManage" : "true",
		"creator" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : ""
		},
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : ""
		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		},
		"targetGroup" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		}
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1409082841
}

/credential/tag

Methods
GET

Gets the full list of unique Credential tags

Note: Organization user responses will contain both organization and admin policy tags. Admin user responses will contain only admin policy tags.

Request Parameters

none

Example Response
Expand
{
	"type" : "regular",
	"response" : [
		"Tag1",
		"Tag2",
		"Tag3"
	],
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1461093219
}