Use a Postman collection for application management
This topic helps you to test the APIs related to CyberArk Identity application management using Postman collection. Postman is an HTTP-testing API application that enables you to monitor requests and responses.
Before you begin
-
Install Postman from https://www.postman.com/downloads/
-
Get access to CyberArk Identity tenant
-
Create a user that has application management administrative rights.
Import the Postman collection
Get started with the Postman collection
Once the Postman collection is imported, pre-fill the following variables to run the collection based on the functionality you want to try out.
Authentication is required to access the APIs related to application management. The authenticated user should contain application management administrative rights to access the APIs.
| Variable name | Description |
|---|---|
|
tenant_url
|
The URL of the CyberArk Identity tenant. For example:
The URL will be used for all API requests to CyberArk Identity. |
|
username |
The username of the CyberArk Identity directory user |
|
password |
The password of the CyberArk Identity directory user |
|
app_key |
The application key of the app The app key can be retrieved from the settings tab of the app once the app is created. |
|
admin_tag |
Tags for the applications |
|
description |
Description of the application |
|
icon |
Icon URL for the application |
|
icon_uri |
Icon URL for the application |
|
name |
Name for the application |
|
organization_id |
The organization ID to which the application should be added |
|
service_name |
The application ID for the application |
|
show_in_user_portal |
A Boolean value that specifies whether the application should be displayed in the user portal |
|
app_names |
The names of the applications that are to be imported from the templates |
|
rights |
The rights granted to the user for applications: Grant, View, Manage, Run, and so on |
|
directory_service_uuid |
The UUID of the directory service to which the user belongs |
|
tag_names |
The tags that need to be added to the applications |
Pre-fill the following variables to create or update OpenID Connect applications:
| Variable name | Description |
|---|---|
|
oidc_allow_login_by |
Whether the RP or CyberArk Identity initiates the login |
|
oidc_allow_refresh |
A Boolean value to enable/disable refresh tokens |
|
oidc_allow_scope_select |
A Boolean value to enable/disable scope selection on the consent pop-up |
|
oidc_client_secret |
A unique code that an authorization service issues when the service registers the application You can think of it as the password for the client application. |
|
oidc_confirm_consent |
A Boolean flag to enable/disable OIDC consent |
|
oidc_scope_name |
The name of the scope to be added |
|
oidc_scope_type |
The type of scope: API/Custom Claims |
|
oidc_allowed_rest_APIs |
A list of regexes of the allowed rest APIs |
|
oidc_post_logout_URIs |
A list of authorized post-logout URIs |
|
oidc_redirects |
A list of authorized redirect URIs |
|
oidc_refresh_token_lifetime |
The refresh token lifetime |
|
oidc_token_lifetime |
The lifetime of the access and ID tokens |
|
oidc_script |
The script to add custom claims |
|
oidc_relying_party_url |
The URL of the relying party application |
Prefill the following variables to create or update SAML applications:
| Variable name | Description |
|---|---|
|
saml_spconfig_method |
An integer value that takes the SP configuration method It can either be: 1 - Metadata or 2 - Manual Configuration |
|
saml_spmetadata_url |
The SP metadata URL |
|
saml_spmetadata_xml |
The SP metadata XML |
|
saml_audience |
The SP Entity ID, also known as SP Issuer or Audience |
|
saml_acs_url |
The ACS URL |
|
saml_recipient_SameAsAcsUrl |
A Boolean value that specifies if the recipient value is the same as the ACS URL |
|
saml_sign_method |
The SAML sign method: Either Response, Assertion, or both. |
|
saml_name_id_format |
The Format attribute value in the element in the SAML response Select the NameID format that your service provider specifies to use. If the SP does not specify one, select |
|
saml_sp_slo_url |
The SP single logout URL |
|
saml_encrypt_assertion |
A Boolean value that specifies whether the SAML assertion should be encrypted |
|
saml_encryption_thumbprint |
The encryption certificate thumbprint |
|
saml_relay_state |
The relay state specified by the SP |
|
saml_authn_context_class |
Select the authentication context class that your service provider specifies to use. If the SP does not specify one, select |
|
saml_attributes |
The SAML attributes that have to be sent in the SAML assertion |
|
saml_script |
The script required for more complex logic for attribute mappings for your SAML response |
Pre-fill these additional variables to create or update OAuth 2.0 applications along with OIDC applications:
| Variable name | Description |
|---|---|
|
oauth_allow_public |
A Boolean flag that specifies whether public clients should be allowed This is required for an authorization code with a PKCE flow. |
|
oauth_allowed_auth |
The list of allowed grant types |
|
oauth_client_id_type |
The type of the client ID: Anything, List, or Confidential Client |
|
oauth_client |
A Boolean flag that specifies whether it is an OAuth client |
|
oauth_token_type
|
The type of the OAuth token There are two types of tokens: JwtRS256 and Opaque. |
