POST Credentials/CyberArk/Create
Creates an entry in the Trust Protection Platform policy folder to match credential information in a CyberArk Safe. Trust Protection Platform will use the credential data for provisioning.
Before you make this REST API call:
- In Trust Protection Platform, confirm that the CyberArk Credentials driver is installed. Verify that the CyberArk connector is configured. See the Administration Guide for details.
- In CyberArk, identify the Safe that contains grant permissions for Trust Protection Platform. In the Safe, get the name and folder of the account that Trust Protection Platform retrieves for the credential.
- To create or modify this object, you must provide credentials for a CyberArk user who has either 'Use Accounts' (permission to log on to a device using the CyberArk account through the CyberArk UI) or 'Retrieve Accounts' (permission to retrieve the actual password for the CyberArk account).
Requirements
- Permissions: The caller must have Create permission and Write permission to the folder that will hold the new credential.
- Token scope: Security:Manage
Headers
- Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name | Description |
---|---|
AccountName | The CyberArk account name where the password is stored inside of the Safe. |
AppID | The CyberArk application ID. The Application ID must be a member of the CyberArk Safe with rights to the Safe. |
CredentialPath | The policy location for the credential. For example: \\VED\\Policy\\MyCredential. |
CyberArkPassword | If CyberArkUsername is missing, creates a CyberArk Password credential. The password that matches the User Name property from the CyberArk safe. |
CyberArkUsername | (Optional) Creates a CyberArk Username Password credential. The CyberArk Username from the CyberArk safe. This is the CyberArk user that has rights to the Safe that contains the necessary credentials for Trust Protection Platform to provision a certificate to a device. |
FolderName | The CyberArk folder name inside the Safe where passwords are stored. |
SafeName | The CyberArk Safe name that contains password account information. |
Username | The Trust Protection Platform user name to authenticate to a device or application. The corresponding password originates in CyberArk. |
Returns
For valid requests, Credentials/CyberArk/Create returns an HTTP 200 message and a Result of 1. For invalid requests, note the HTTP message, Result of 0, and corresponding Error.
Name | Description |
---|---|
HTTP 200 | Result: 1: Success. |
HTTP 400 | For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body: |
Example: Create a CyberArk password credential
Request
POST: https://tpp.venafi.example/vedsdk/Credentials/CyberArk/Create
Authorization:Bearer 4MyGeneratedBearerTknz==
{
  "CyberArkUsername" : "AdmCorp",
  "CyberArkPassword" : "!omepassw0rd",
  "Username" : "admin",
  "AppID" : "VenafiTPP",
  "SafeName" : "SafeCorp",
  "FolderName" : "Root\\local",
  "AccountName" : "rootpw",
  "CredentialPath" : "\\VED\\Policy\\MyTPPfolder\\AdmCorp"
}
Response
HTTP/1.1 200 OK
{
  "Result":1
}
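The following client sketch is an added example, not code from the product documentation. It validates the parameters from the table above, refuses to send the password and bearer token over a non-HTTPS URL, and turns a Result of 0 into an error carrying the returned Error. Treating every parameter except CyberArkUsername as required is an assumption, and the function names are hypothetical.

```python
import json
import urllib.error
import urllib.request

# Names come from the parameter table; treating everything except
# CyberArkUsername as required is an assumption of this example.
REQUIRED = ("AccountName", "AppID", "CredentialPath", "CyberArkPassword",
            "FolderName", "SafeName", "Username")

def build_payload(fields):
    """Validate the request body before any secret leaves the host."""
    missing = [k for k in REQUIRED if not fields.get(k)]
    unknown = sorted(set(fields) - set(REQUIRED) - {"CyberArkUsername"})
    if missing or unknown:
        raise ValueError("missing=%s unknown=%s" % (missing, unknown))
    return dict(fields)

def credential_kind(payload):
    # Parameter table: CyberArkUsername present -> Username Password credential.
    return ("CyberArk Username Password" if payload.get("CyberArkUsername")
            else "CyberArk Password")

def parse_result(status, body):
    """True for HTTP 200 with Result 1; otherwise raise with Result and Error."""
    try:
        data = json.loads(body)
    except ValueError:
        data = None
    if not isinstance(data, dict):
        data = {}
    if status == 200 and data.get("Result") == 1:
        return True
    raise RuntimeError("HTTP %s Result=%s Error=%s"
                       % (status, data.get("Result"), data.get("Error")))

def create_credential(base_url, token, payload):
    if not base_url.startswith("https://"):  # body carries a password
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    req = urllib.request.Request(
        base_url.rstrip("/") + "/vedsdk/Credentials/CyberArk/Create",
        data=json.dumps(build_payload(payload)).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token})
    try:
        with urllib.request.urlopen(req) as resp:  # default context verifies TLS
            return parse_result(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # HTTP 400 Bad Request arrives here
        return parse_result(err.code, err.read())
```

In real use, read the bearer token and CyberArkPassword from a secret store or environment variable at call time instead of writing them into the script.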