Use a Postman collection for CyberArk Identity authentication

This topic helps you to test the CyberArk Identity authentication APIs using a Postman collection. Postman is an HTTP-testing API application that enables you to monitor requests and responses.

Before you begin

Import a Postman collection

Get started with a Postman collection

Once the Postman collection is imported, you need to pre-fill the following variables to run the collection, based on the functionality you want to try out.

You can add the variables by selecting the variables tab, as shown above.

Authentication APIs

The table below describes the mandatory variables required for this collection.

| Variable name | Description | Purpose |
| --- | --- | --- |
| tenant_url | The URL of the CyberArk Identity tenant (https://example.my.idaptive.app or https://example.id.cyberark.cloud). The URL will be used for all API requests to CyberArk Identity. | Mandatory variable required for this collection. |
| username | The username of the CyberArk Identity directory user. | Mandatory variable required for this collection. |
| password | The password of the CyberArk Identity directory user. | The variable is required to authenticate with a password. |
| sq_answer | The answer to the security question asked at the time of login. | The variable is required to authenticate with a security question. |
| email_otp | The one-time password sent to the email address of the user at the time of login. | The variable is required to authenticate with the email address. |
| sms_otp | The one-time password sent to the registered mobile number of the user at the time of login. | The variable is required to authenticate with an SMS. |
| oath_otp | The time-based one-time password generated by the OATH OTP client. | The variable is required to authenticate with an OATH OTP. |
| qr_session_id | The session ID can be retrieved from the QR code displayed by the CyberArk Identity login screen. This session ID should be used by the QR code authenticator to submit QR code | The variable is required to authenticate with a QR code. |
| fido2_security_id | The credential ID generated by the FIDO2 authenticator. | The variable is required to authenticate with either a FIDO2 security key or an on-device authenticator. |
| fido2_raw_id | The ArrayBuffer contained in the [[identifier]] internal slot. | The variable is required to authenticate with either a FIDO2 security key or an on-device authenticator. |
| fido2_challenge | The challenge used for generating the newly created credential's attestation object. This challenge can be generated using the /U2f/GetRegistrationChallenge API. | The variable is required to authenticate with either a FIDO2 security key or an on-device authenticator. |
| fido2_authenticator_type | The FIDO2 authenticator type can be either "SECURITYKEY" for a FIDO2 security key or "ONDEVICEAUTHENTICATOR" for an on-device authenticator. | The variable is required to authenticate with either a FIDO2 security key or an on-device authenticator. |
| fido2_attestation_object | The attestation object that contains authenticator data and attestation statement. | The variable is required to authenticate with either a FIDO2 security key or an on-device authenticator. |
| fido2_client_data | This attribute, inherited from AuthenticatorResponse, contains the JSON-compatible serialization of client data. | The variable is required to authenticate with either a FIDO2 security key or an on-device authenticator. |
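The following check is an added example, not part of the CyberArk collection or its documentation: it reads the variables of an exported collection and reports which authentication mechanisms have every variable from the table above filled in. It assumes a Postman Collection v2.1 export with a top-level `variable` array; the mechanism labels, the `checkCollection` name and the https-only rule for `tenant_url` are this example's own assumptions.

```javascript
// Mechanism labels are this example's own; the variable names come from the table above.
const COMMON = ["tenant_url", "username"];
const MECHANISMS = {
  password: ["password"],
  security_question: ["sq_answer"],
  email: ["email_otp"],
  sms: ["sms_otp"],
  oath_otp: ["oath_otp"],
  qr_code: ["qr_session_id"],
  fido2: ["fido2_security_id", "fido2_raw_id", "fido2_challenge",
    "fido2_authenticator_type", "fido2_attestation_object", "fido2_client_data"],
};
const FIDO2_TYPES = ["SECURITYKEY", "ONDEVICEAUTHENTICATOR"];
// collection: parsed Postman Collection v2.1 export with a top-level "variable" array.
function checkCollection(collection) {
  const vars = new Map();
  for (const v of collection.variable || []) {
    if (!v.disabled && typeof v.value === "string" && v.value.trim() !== "") {
      vars.set(v.key, v.value.trim());
    }
  }
  const errors = COMMON.filter((k) => !vars.has(k)).map((k) => `missing ${k}`);
  if (vars.has("tenant_url")) {
    let url = null;
    try { url = new URL(vars.get("tenant_url")); } catch (_) { /* not a URL */ }
    // Assumption of this example: only https tenant URLs are accepted.
    if (!url || url.protocol !== "https:") errors.push("tenant_url must be an https URL");
  }
  const ready = [];
  const missing = {};
  for (const [name, required] of Object.entries(MECHANISMS)) {
    const absent = required.filter((k) => !vars.has(k));
    const type = vars.get("fido2_authenticator_type");
    if (name === "fido2" && type !== undefined && !FIDO2_TYPES.includes(type)) {
      absent.push("fido2_authenticator_type (invalid value)");
    }
    if (absent.length > 0) missing[name] = absent;
    else if (errors.length === 0) ready.push(name);
  }
  return { errors, ready, missing };
}
// Constructed sample export; all values are placeholders.
const sample = { variable: [
  { key: "tenant_url", value: "https://example.id.cyberark.cloud" },
  { key: "username", value: "user@example.com" },
  { key: "password", value: "placeholder" },
  { key: "fido2_authenticator_type", value: "PLATFORM" },
] };
console.log(checkCollection(sample));
```

For the sample, only the password mechanism is reported as ready, and the FIDO2 entry lists the five empty variables plus the unrecognized authenticator type.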

Step-up authentication

CyberArk Identity provides step-up authentication to protect sensitive apps with additional MFA challenges. You can do this by adding policies to the web apps as shown below:

The Postman collection provides a collection for step-up authentication. To initiate the step-up authentication, a challenge ID is required for the additional challenge. You can use the /Security/ChallengeUser API to generate the challenge ID. This API takes the following parameter as input:

| Variable name | Description |
| --- | --- |
| authentication_profile_name | The name of the authentication profile that is added to the app policy. |

Once the challenge ID is generated, it can be passed to the /Security/StartChallenge API.