Use REST APIs to create, list, modify and delete entities in the PAS solution from within programs and scripts.

You can automate tasks that are usually performed manually using the UI, and to incorporate them into system and account-provisioning scripts.

REST APIs are part of the PVWA installation, and can be used immediately without any additional configuration. Make sure your CyberArk license enables you to use the CyberArk PAS SDK. For more information, contact your CyberArk support representative.


As a general rule, we recommend that you always use the newest REST API version. The newer versions include better performance, support versioning, and have more capabilities. If you cannot find a corresponding REST API for the task that you want to perform, you can use the command line interface (PACLI). For details, see Command Line Interface (PACLI) .

In this section:

SDK Supported Platforms

The PAS SDK is a RESTful API that can be invoked by any RESTful client for various programming and scripting environments, including Java, C#, Perl, PHP, Python and Ruby.


The PAS SDK enables you to perform activities on PAS objects via a REST Web Service interface. Each PAS object has its own URL path in the PVWA website that can be accessed using the relevant HTTPS request verb.


Every HTTPS request must contain an HTTPS header field named Authorization that contains the value of a session token received from the Logon method.

REST APIs can be accessed with any tool or language that enables you to create HTTPS requests and handle HTTPS responses. For more information, refer to the C# and Java examples in Usage Examples.

Return Codes

The following table lists all the return codes that are returned from the REST APIs.

Return Code

Code Number




The request succeeded. The actual response will depend on the request method used.



The request was fulfilled and resulted in a new resource being created.

Bad request


The request could not be understood by the server due to incorrect syntax.



The request requires user authentication.



The server received and understood the request, but will not fulfill it. Authorization will not help and the request MUST NOT be repeated.

Not Found


The server did not find anything that matches the Request-URI. No indication is given of whether the condition is temporary or permanent.



The request could not be completed due to a conflict with the current state of the resource.

Internal Server Error


The server encountered an unexpected condition which prevented it from fulfilling the request.

TruePrivileged Access Security11.1