Postman collection for Workforce Password Management

This topic helps you to test the API related to Workforce Password Management using Postman collection. Postman is an HTTP-testing API application that enables you to monitor requests and responses.

Before you begin

Go to https://www.postman.com or install Postman from https://www.postman.com/downloads/ and search for the CyberArk WPM Rest API collection.

Authentication is required to access the APIs related to Workforce Password Management. Your user must be in a role with the Shared Credentials administrative right.

For more details, see Use a Postman collection for CyberArk Identity authentication.

<<Getting an auth token does not work as currently documented here or in the collection.>>

For the non-interactive user, we recommend using the Authorization options (OAuth) from the Workforce Password Management postman collection. These authorization methods are applicable for admin and non-admin users.

Get started with the Postman collection

You can use the following variables for the collection. You have to add values to these variables to run the collection.

Variable name

Description

baseUrl

The tenant URL of your application

For example, https://<tenantID>.my.idaptive.app

openIDAppName

The name of the OpenID Connect application used to authenticate to CyberArk Identity for auth token generation

A token is required for Workforce Password Management REST API authorization. Configure an OpenID connect application in CyberArk Identity before running API requests.

openIDClientID

The client identifier generated for the client during the OpenID Connect application registration

openIDClientSecret

The client secret generated for the OpenID Connect application

This is necessary for user authentication.

openIDScope

This can have comma-separated scope values required for token request. For example, all, openid.

TenantName

The tenant ID provided by CyberArk

UserName

The username of the application

Password

The password of the application

app_key

The unique identifier of the item (application or secured item) used to view, update, and remove operations

uuid

The unique user identifier for the CyberArk Identity user

ConnectorId

The unique identifier for a CyberArk Connector used in on-prem vault communication

The GetE2EEncryptionInfo API provides a connector ID that needs to be passed to subsequent update credentials requests for applications and secured items.

PublicKeyHash

The SHA256 function is used to generate hash for the public key

The public key is returned by the GetE2EEncryptionInfo API for end-to-end encryption. The key must be sent to subsequent update credentials request.

SymmetricKey

You can generate a symmetric key. This is used for end-to-end encryption for secured items. Symmetric key is encrypted using the asymmetric key before sending a request.

IV

Initialization vector in the symmetric key algorithm for end-to-end encryption in Secured Items

StartTime

The date from which shared applications and secured items are valid for shared users

endTime

The expiration date time for shared applications and secured items

Access the Postman collection

Collection Click to Run

E2E (end-to-end) Encryption

Restricted usernames

Admin Added Applications

User Added Applications

Secured Items

Import Accounts

Misc

Additional information

For additional information, right-click the collection and then click View documentation.

To learn more about Workforce Password Management, see Manage Workforce Password Management.