CyberArk, LDAP, RADIUS, Windows

This method authenticates a user to the Vault and returns a token that can be used in subsequent web services calls. In addition, this method enables you to set a new password.

Select the method you want to use:

2nd gen API (recommended)

URL

Method

URL

CyberArk

https://<IIS_Server_Ip>/PasswordVault/API/auth/Cyberark/Logon/

Windows

https://<IIS_Server_Ip>/PasswordVault/API/auth/Windows/Logon/

LDAP

https://<IIS_Server_Ip>/PasswordVault/API/auth/LDAP/Logon/

RADIUS

https://<IIS_Server_Ip>/PasswordVault/API/auth/RADIUS/Logon/

Resource information

HTTP method	POST
Content type	application/json

Body parameters

{
"username":"<user_name>",
"password":"<password>",
"newPassword":"<NewPassword>",
}

Parameter	Description
username (mandatory)	The name of the user who is logging in to the Vault. Type: string
password (mandatory)	The password used by the user to log in to the Vault. Type: string
newPassword (optional)	Set this parameter with a new password to change the user's password. This parameter can be used with the following authentication methods: CyberArk LDAP Type: string
concurrentSession (optional)	Set this parameter to True to enable the user to open multiple connection sessions simultaneously. Up to 300 concurrent sessions are supported. Valid values: True/False Default: False Type: boolean

Parameter

Description

username

(mandatory)

The name of the user who is logging in to the Vault.

Type: string

password

(mandatory)

The password used by the user to log in to the Vault.

Type: string

newPassword

(optional)

Set this parameter with a new password to change the user's password.

This parameter can be used with the following authentication methods:

CyberArk
LDAP

Type: string

concurrentSession (optional)

Set this parameter to True to enable the user to open multiple connection sessions simultaneously.

Up to 300 concurrent sessions are supported.

Valid values: True/False

Default: False

Type: boolean

Result

{ 
"<session token>"
}

This method returns the session token.

1st gen API

URL

https://<IIS_Server_Ip>/PasswordVault/WebServices/auth/Cyberark/CyberArkAuthenticationService.svc/Logon

Resource information

HTTP method	POST
Content type	application/json

Body parameters

{

"username":"<user_name>",

"password":"<password>",

"newPassword":"<password>",

"useRadiusAuthentication":"<bool>",

"connectionNumber":"<integer>"

}

The Logon syntax has these parts:

Parameter	username
Type	String
Description	The name of the user who will logon to the Vault.
Mandatory	Yes
Default	None
Parameter	password
Type	String
Description	The password of the user.
Mandatory	Yes
Default	None
Parameter	newPassword
Type	String
Description	The new password of the user. This parameter is optional, and enables you to change a password.
Mandatory	No
Default	None
Parameter	useRadiusAuthentication
Type	Boolean
Description	Whether or not users will be authenticated via a RADIUS server. Note: The RADIUS challenge response is currently limited to 512 characters.
Valid values	true/false
Mandatory	No
Default	false
Parameter	connectionNumber
Type	Integer
Description	In order to allow more than one connection for the same user simultaneously, each request should be sent with a different 'connectionNumber'.
Valid values	0-100
Mandatory	No
Default	None

Result

{ 
"CyberArkLogonResult":"<session token>"
}

Parameter	CyberArkLogonResult
Type	Long
Description	A session token.

Return codes

For a complete list of return codes, see Return Codes.