POST Credentials/CyberArk/Update

Updates Trust Protection Foundation to match credential information in a CyberArk Safe.

Before you make this REST API call:

In Trust Protection Foundation, confirm that the CyberArk Credentials driver is installed. Verify that the CyberArk connector is configured. See the Administration Guide for details.
In CyberArk, identify the Safe that contains grant permissions for Trust Protection Foundation. In the Safe, get the name and folder of the account that Trust Protection Foundation retrieves for the credential.
To create or modify this object, you must provide credentials for a CyberArk user who has either 'Use Accounts' (permission to log on to a device using the CyberArk account through the CyberArk UI) or 'Retrieve Accounts' (permission to retrieve the actual password for the CyberArk account).

Requirements

Permissions: The caller must have Write permission to the credential object.
Token scope: Security:Manage

Headers

Content type: Content-Type:application/json.
Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters
Name	Description
AccountName	The CyberArk account name where the password is stored inside of the Safe.
AppID	The CyberArk application ID. The Application ID must be a member of the CyberArk Safe with rights to the Safe.
CredentialPath	The policy location for the credential. For example: \\VED\\Policy\\MyCredential.
CyberArkPassword	(Optional) The password for the CyberArk account used to retrieve the credential from the Safe.
CyberArkUsername	(Optional) Creates a CyberArk Username Password credential. The CyberArk Username from the CyberArk safe. This is the CyberArk user that has rights to the Safe that contains the necessary credentials for Trust Protection Foundation to provision a certificate to a device. This field does not determine the credential type.
DualAccount	(Optional) The Dual Account adds a second user to the credential, and consists of two identically privileged accounts. One account is active while the other is rotated, enabling password updates without downtime.
FolderName	The CyberArk folder name inside the Safe where passwords are stored.
SafeName	The CyberArk Safe name that contains password account information.
Username	The Trust Protection Foundation user name to authenticate to a device or application. The corresponding password originates in CyberArk. This field determines the credential type. If the Username property is present in the request JSON, the credential is treated as a CyberArk Username Password credential If the Usernameproperty is omitted, the credential is treated as a CyberArk Password credential The value can be a string, empty (""), or null If empty or null, the username is retrieved from CyberArk at runtime
VirtualUserName	(Optional) The Virtual User Name specifies the username used for authentication when Dual Account is enabled.

Returns

For valid requests, Credentials/Cyberark/Update returns a HTTP 200 message and a Result of 1. For invalid requests, note the HTTP message, Result of 0, and corresponding Error.

Response description
Name	Description
HTTP 200	Result: 1: Success.
HTTP 400	For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body: Result: 0. Error: If available, additional information about how to retry the request.

Example: Update the CyberArk folder path in Trust Protection Foundation

Request

POST: https://tpp.venafi.example/vedsdk/Credentials/Adaptable/Update
Authorization:Bearer 4MyGeneratedBearerTknz==
{  
   "CyberArkUsername":"AdmBrett",
   "CyberArkPassword":"MyPassw0rd!",
   "Username":"admin",
   "AppID":"VenafiTPP",
   "SafeName":"SafeBrett",
   "FolderName":"Root\\local",
   "AccountName":"rootpw",
   "CredentialPath":"\\VED\\Policy\\youngsue folder\\AdminVK"
}

Response

HTTP/1.1 200 OK
{
  "Result": 1
}