Get accounts

This method returns a list of all the accounts in Privilege Cloud.

The number of returned accounts is determined by the MaxDisplayedRecords parameter in the Privilege Cloud Portal configuration.

The user who runs this web service requires List Accounts permissions in the Safe.

URL

https://<subdomain>.privilegecloud.cyberark.cloud/PasswordVault/API/Accounts?search={search}&searchType={searchType}&sort={sort}&offset={offset}&limit={limit}&filter={filter}/

Make sure there are no spaces in the URL.

The following characters are not supported in URL values: + & %
If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/

Resource information

HTTP method	Content type
GET	application/json

Header parameter

Parameter	Description
Authorization	The token that identifies the session, encoded in BASE 64. See Authentication. Type: String Mandatory: Yes Default value: None

URL parameters

These parameters are optional.

Parameter	Description
search	A list of keywords to search for in accounts, separated by a space. Type: String Example: `GET https://cyberark.com/PasswordVault/api/accounts?search=Windows admin`
searchType	Get accounts that either contain or start with the value specified in the Search parameter. Type: String Valid values: contains (default) or startswith Example: `GET $search=Windows" class="external-link" target="_blank" rel="nofollow noopener">https://cyberark.com/PasswordVault/api/accounts?$search=Windows admin$searchtype=contains`
sort	The property or properties that you want to sort returned accounts, followed by asc (default) or desc to control sort direction. Separate multiple properties with commas, up to a maximum of three properties. Type: String Example: `GET https://cyberark.com/PasswordVault/api/accounts?sort=Windows asc`
offset	Offset of the first account that is returned in the collection of results. Type: Number Default value: 0 Examples: Returns a collection of accounts that begins with the 10th account in the results `GET https://cyberark.com/PasswordVault/api/accounts?offset=10` Returns the first 100 accounts `GET https://cyberark.com/PasswordVault/api/accounts?limit=100` Returns the next 100 accounts, after the first 100 (second page) `GET https://cyberark.com/PasswordVault/api/accounts?offset=100&limit=100` Returns the next 100 accounts, after the first 200 (third page) `GET https://cyberark.com/PasswordVault/api/accounts?offset=200&limit=100`
limit	The maximum number of returned accounts. The maximum number that you can specify is 1000. When used together with the Offset parameter, this value determines the number of accounts to return, starting from the first account that is returned. Type: Number Default value: 50 Example: `GET https://cyberark.com/PasswordVault/api/accounts?offset=10&limit=25`
filter	Search for accounts using a filter. See Filter parameters. To use more than one filter, use the `AND` operator. Example: `GET https://cyberark.com/PasswordVault/api/accounts?filter=safename eq mySafe AND ModificationTime gte 0`
savedfilter	Search for accounts using a saved filter(s). Example: `GET https://cyberark.com/PasswordVault/api/Accounts?savedFilter=Deleted` Search using any of the following saved filter types. Regular Recently New Link Deleted PolicyFailures AccessedByUsers ModifiedByUsers ModifiedByCPM DisabledPasswordByUser DisabledPasswordByCPM ScheduledForChange ScheduledForVerify ScheduledForReconcile SuccessfullyReconciled FailedChange FailedVerify FailedReconcile LockedOrNew Locked Favorites

Filter parameters

Parameter	Description
safeName	Get accounts from a specific Safe, using the Safe name. Type: String Example: `GET https://cyberark.com/PasswordVault/api/accounts?filter=safeName eq mySafe`
modificationTime	Get accounts that were modified after a given time. Type: String Example: `GET https://cyberark.com/PasswordVault/api/accounts?filter=ModificationTime gte 0`

Parameter

Description

safeName

Get accounts from a specific Safe, using the Safe name.

Type: String

Example: GET https://cyberark.com/PasswordVault/api/accounts?filter=safeName eq mySafe

modificationTime

Get accounts that were modified after a given time.

Type: String

Example: GET https://cyberark.com/PasswordVault/api/accounts?filter=ModificationTime gte 0

Body parameters

None

Result

{
  "id": "string",
  "name": "string",
  "address": "string",
  "userName": "string",
  "platformId": "string",
  "safeName": "string",
  "secretType": "key",
  "platformAccountProperties": {},
  "secretManagement": {
    "automaticManagementEnabled": true,
    "manualManagementReason": "string",
    "status": "inProcess",
    "lastModifiedTime": 0,
    "lastReconciledTime": 0,
    "lastVerifiedTime": 0
  },
  "remoteMachinesAccess": {
    "remoteMachines": "string",
    "accessRestrictedToRemoteMachines": true
  },
  "createdTime": 0
  "categoryModificationTime": 111111111111111111111
}

Parameter	Description
id	The unique ID of the account. Type: String Valid values: Valid account ID
safeName	The unique name of the Safe where the account is located. Type: String Valid values: Safe name
platformId	The platform assigned to the account. Type: String Valid values: Platform ID Example: WinServerLocal
address	The name or address of the machine where the account is used. Type: String Valid values: vDNS/IP/URL where the account is managed
name	The name of the account. Type: String Valid values: Account name
secretType	The type of password. Type: String Valid values: Password, key
userName	The account user name. Type: String Valid values: User name
platformAccountProperties	The object containing key-value pairs to associate with the account, as defined by the account platform. Optional properties that do not exist for the account will not be returned here, and internal properties are not returned. Type: String Example: {"Location": "IT", "OwnerName": "MSSPAdmin"}
secretManagement	See Secret management parameters.
remoteMachinesAccess	See Remote machine access parameters.
createdTime	The date and time the account was created. Type: String Valid values: Date-time
categoryModificationTime	The last time the account or one of its file categories was created or changed. Type: String Valid values: Date-time
deletionTime	The time the account was deleted. Appears in the results only if the account was deleted. If the account is still viable, this parameter does not appear. Type: String Valid values: Date-time

Secret management parameters

Parameter	Description
automaticManagementEnabled	Whether the account secret is automatically managed by the CPM. Type: Boolean Default value: True Valid values: True/False
manualManagementReason	The reason for disabling automatic secret management. Type: String Valid values: Reason
status	The account management status. Type: String Valid values: inProcess, Success, Failure
lastModifiedDateTime	The last modified date of the account. Type: String Valid values: Date-time
lastReconciledDateTime	The last reconciled date of the account. Type: String Valid values: Date-time
lastVerifiedDateTime	The last verified date of the account. Type: String Valid values: Date-time

Remote machine access parameters

Parameter	Description
remoteMachines	A list of remote machines, separated by semicolons. Type: String Valid values: List of machines Example: server1.cyberark.com;server2.cyberark.com
accessRestrictedToRemoteMachines	Whether or not to restrict access only to specified remote machines. Type: Boolean Valid values: True/False

Parameter

Description

remoteMachines

A list of remote machines, separated by semicolons.

Type: String

Valid values: List of machines

Example: server1.cyberark.com;server2.cyberark.com

accessRestrictedToRemoteMachines

Whether or not to restrict access only to specified remote machines.

Type: Boolean

Valid values: True/False

Return codes

For a complete list of return codes, see Return Codes.