REST APIs
We provide the following REST APIs to help integrate DAP into your development environments. Click a link below to view documentation for each API.
Authentication
Most API calls require an authentication access token in the header. Here’s how to obtain it if you’re a human user:
- Use a username and password to obtain an API key (refresh token) with the Authentication > Login method.
- Use the API key to obtain an access token with the Authentication > Authenticate method.
If you’re a machine, your API key will be provided by your operator.
Access tokens expire after 8 minutes. You need to obtain a new token after it expires. Token expiration and renewal are handled automatically by the Conjur client libraries.
SSL verification
If you self-host Conjur, use the public key certificate you obtained when running conjur init for SSL verification when talking to your Conjur endpoint. This certificate is not a secret, so you can check it into source control if needed.
For example, with curl you can use the cert like so:
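The login, authenticate and certificate-verification steps described above, as an added shell example that is not part of the original documentation. The endpoint paths are the Conjur REST API authn routes as assumed here (they are not shown on this page); CONJUR_URL, CONJUR_ACCOUNT, CONJUR_CERT, the 60-second renewal margin and all helper names are assumptions.

```shell
#!/bin/sh
# Added example: Conjur/DAP token flow with the server certificate verified
# against the file saved by `conjur init`. Values below are placeholders.
CONJUR_URL="${CONJUR_URL:-https://conjur.example.com}"
CONJUR_ACCOUNT="${CONJUR_ACCOUNT:-myorg}"
CONJUR_CERT="${CONJUR_CERT:-$HOME/conjur-myorg.pem}"
TOKEN_TTL=480      # access tokens expire after 8 minutes
RENEW_MARGIN=60    # assumed safety margin: renew one minute early

# Logins such as host/prod/web must be URL-encoded inside the request path.
encode_login() {
  printf '%s' "$1" | sed 's|/|%2F|g'
}

# Step 1 (human users): username + password -> API key (refresh token).
# Only the username is passed, so curl prompts for the password and it
# never lands in shell history or the process list.
conjur_login() {
  curl --fail --silent --show-error --cacert "$CONJUR_CERT" --user "$1" \
    "$CONJUR_URL/authn/$CONJUR_ACCOUNT/login"
}

# Step 2: API key -> short-lived access token (a JSON document).
# The API key is read from stdin rather than given as an argument.
# usage: printf '%s' "$API_KEY" | conjur_authenticate LOGIN
conjur_authenticate() {
  curl --fail --silent --show-error --cacert "$CONJUR_CERT" --data-binary @- \
    "$CONJUR_URL/authn/$CONJUR_ACCOUNT/$(encode_login "$1")/authenticate"
}

# Build the request header: the token JSON is base64-encoded on one line.
auth_header() {
  printf 'Authorization: Token token="%s"' \
    "$(printf '%s' "$1" | base64 | tr -d '\r\n')"
}

# Exit 0 when a token issued at epoch $1 should be renewed at epoch $2
# (defaults to now). Renewal means repeating step 2 with the API key.
needs_renewal() {
  [ $(( ${2:-$(date +%s)} - $1 )) -ge $(( $TOKEN_TTL - $RENEW_MARGIN )) ]
}

# Typical use (not executed here):
#   API_KEY=$(conjur_login alice)
#   TOKEN=$(printf '%s' "$API_KEY" | conjur_authenticate alice); ISSUED=$(date +%s)
#   curl --cacert "$CONJUR_CERT" -H "$(auth_header "$TOKEN")" "$CONJUR_URL/whoami"
```

Never replace --cacert with --insecure to get past a certificate error; fix the certificate path or re-run conjur init instead.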
The following APIs enable you to manage DAP authentication tasks:
| API | Description |
|---|---|
| | Gets the API key of a user given the username and password via HTTP Basic Authentication. |
| | Gets a short-lived access token, which can be used to authenticate requests to (most of) the rest of the Conjur API. |
| | Changes a user’s password. |
| | Replaces your own API key with a new, securely random API key. |
| | Replaces the API key of another role you can update with a new, securely random API key. |
| | Allows you to check the status of your authenticator. |
| | Provides information about the client making an API request. |
Secrets
A Variable is an access-controlled list of encrypted data values. The values in a Variable are colloquially known as “secrets”.
Only the twenty most recent values in a Variable are retained; this prevents the database from growing without bounds.
The following APIs enable you to manage secret values within specified Variables.
| API | Description |
|---|---|
| | Creates a secret value within the specified Variable. |
| | Fetches the value of a secret from the specified Variable. |
| | Fetches multiple secret values in one invocation. |
Policies
The following APIs help you to manage Conjur Policies.
| API | Description |
|---|---|
| | Loads or replaces a Conjur policy document. |
| | Adds data to the existing Conjur policy. |
| | Modifies an existing Conjur policy. |
Role-based control
The following APIs help you to manage Conjur role-based access controls.
| API | Description |
|---|---|
| | Gets detailed information about a specific role, including the role members. |
| | Lists members within a role. |
| | Lists resources within an organization account. |
| | The response to this method is a JSON document describing a single resource. |
| | Lists the roles which have the named permission on a resource. |
| | Checks whether a role has a privilege on a resource. |
Host Factory
The following APIs enable you to manage Host Factory features.
| API | Description |
|---|---|
| | Creates one or more tokens which can be used to bootstrap applications. |
| | Revokes a token, immediately disabling it. |
| | Creates an application ( |
Public keys
The following API lets you manage public key settings.
| API | Description |
|---|---|
| | Shows all public keys for a resource as a newline-delimited string for compatibility with the authorized keys SSH format. |
Health Check
The following API enables you to request health checks.
| API | Description |
|---|---|
| | Enables you to request health checks against any cluster node. |
Authenticators
Once an authenticator is configured and enabled, an authentication request can be sent to DAP.
| API | Description |
|---|---|
| | When the Azure Authenticator is configured and enabled, an Azure instance can send an authentication request to DAP. |