POST Config/FindObjectsOfClass

Returns the details and location of objects in the Policy tree based on the object class.


  • Permissions:  The caller must have View permission to objects in order for them to appear in the results.
  • Token scope:  Configuration


  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.


You must specify either the Class or Classes parameter.

Input parameters



Classes (Optional)

The list of class names to search on. Pattern is optional. ObjectDN and Recursive is only supported if Class is provided. For more information, see How to find class names and attributes.

Class (Optional)

The specific class name to search on. Either Class or Classes must be provided.

Pattern (Optional)

A search pattern to filter objects:

  • To list DNs that include an asterisk (*) or question mark (?), prepend two backslashes (\\). For example, \\* treats the asterisk as a literal character and returns only certificates with DNs that match *
  • To list DNs with a wildcard character, append a question mark (?). For example, "test_?" counts and but not
  • To list DNs with similar names, prepend an asterisk. For example, *, counts and
  • You can also use both literals and wildcards in a pattern.

    NOTE  Web SDK wildcards operate differently than the UI wildcards. For REST API calls, be sure to follow the guidelines stated in this section.


The starting DN of the object to search for subordinates. ObjectDN and Recursive is only supported if Class is provided.

Recursive (Optional)

When set to 1, searches the subordinates of the object specified in ObjectDN. ObjectDN and Recursive is only supported if Class is provided.


Response description



HTTP 200

For valid requests, this call returns a HTTP 200 message and the following data in the message body:

  • Error: Appears only when the operation cannot supply the necessary data. Provides only a description and Result. No other data.
  • Objects: An array of objects of the specified class(es):

    • AbsoluteGUID: The left-to-right concatenation of all of the GUIDs for all of the objects in the DN.
    • DN: The Distinguished Name (DN) of the object.
    • GUID: The GUID that identifies the object.
    • ID: The object identifier.
    • Name: The Common Name (CN) of the object.
    • Parent: The parent DN of the object.
    • Revision: The revision of the object.
    • TypeName: the class name of the object.
  • Result: The result code that indicates the reason for success or failure. For more information, see Config result codes.

HTTP 400

For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body:

  • error: The reason for the error.
  • error_description: If available, additional information about how to retry the request.

Example 1: Recursively search device objects that include an asterisk in the name

Request for Example 1

POST https://tpp.venafi.example/vedsdk/Config/FindObjectsOfClass
Authorization:Bearer 4MyGeneratedBearerTknz==
     "Class" : "Device",
     "ObjectDN" : "\\VED\\Policy\\Devices\\TestDevices",
     "Pattern": "\\*",
     "Recursive": true

Response for Example 1

HTTP/1.1 200 OK
    "Objects": [
            "AbsoluteGUID": "{c0a16eea-c96d-46fb-b2b6-5c050a53a94e}
            "DN": "\\VED\\Policy\\Devices\\TestDevices\\*",
            "GUID": "{267b9cbb-6a86-4c57-9610-3dcf0a76f5c2}",
            "Id": 319,
            "Name": "*",
            "Parent": "\\VED\\Policy\\Devices\\TestDevices",
            "Revision": 636425809793375174,
            "TypeName": "Device"
    "Result": 1

Example 2: Use wild cards to search for certificates

Request for Example 2

POST https://tpp.venafi.example/vedsdk/Config/FindObjectsOfClass
Authorization:Bearer 4MyGeneratedBearerTknz==
     "Class" : "X509 Certificate",
     "ObjectDN" : "\\VED\\Policy\\Russia\\Certificates",
     "Pattern": "*StPete",
     "Recursive": false

Response for Example 2

HTTP/1.1 200 OK
    "Objects": [
            "AbsoluteGUID": "{c0a16eea-c96d-46fb-b2b6-5c050a53a94e}
            "DN": "\\VED\\Policy\\Russia\\Certificates\\dw-StPete",
            "GUID": "{d241d055-fddb-46d1-8b0b-d0b7d1d980e0}",
            "Id": 1673,
            "Name": "dw-StPete",
            "Parent": "\\VED\\Policy\\Russia\\Certificates",
            "Revision": 636425208143244210,
            "TypeName": "X509 Certificate"
    "Result": 1