RESTful API
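Introduction
PAM360 APIs give you a channel to connect to, interact with, and integrate with PAM360. These APIs belong to the REpresentational State Transfer (REST) category. The PAM360 APIs use the GET, PUT, and POST methods and provide a wide range of operations, such as creating resources, creating accounts under those resources, adding SSL certificates and SSH keys, associating SSH keys with resources, retrieving passwords, retrieving resource/account details, updating passwords programmatically, sharing resources/accounts with users, and more.
Prerequisite
An API user is required to perform application-to-application password management through the RESTful API. Learn how to create an API user.
API at a Glance
Methods used to invoke the APIs
GET
Used to fetch resources, accounts, passwords, and account/resource details
PUT
Used to change a password
POST
Used to create new resources or accounts
How to use the APIs?
Invoking the APIs
The APIs can be invoked through the HTTP POST, GET, and PUT request methods. All parameters in the request should be form-urlencoded. For every API, you must supply the AUTH token (authentication token); this is mandatory.
Supported format
PAM360 supports the JSON format. The format, that is, the URL structure, is as follows:
URL
https://<PAM360-Host-Name-or-IP-Address>:<PAM360-Web-Port>/restapi/json/v1/resources/<Resource ID>/accounts/<Account ID>
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
The APIs provided by PAM360 are:
- Fetch resources owned by or shared with the user
- Fetch the accounts of a resource
- Fetch account details
- Fetch the password of an account on a resource
- Change the password of an account
- Create a new resource
- Get the account ID and resource ID
- Get the resource ID using the resource name
- Delete a resource from PAM360
- Request an administrator to approve password access
- Get the list of password requests
- Reject a password request
- Approve a password request
- Check in a password approved by the administrator
- Check out a password approved by the administrator
- Generate a password
- Create a new user
- Edit a resource
- Delete an account on a specified resource
- Fetch license keys, files, digital certificates, documents, images, etc.
- Create accounts under a specified resource
- Edit an account under a specified resource
- Delete a user
- Create an API user
- Create a new SSH key
- Delete an SSH key
- Fetch all SSH keys
- Fetch a specific SSH key
- Export an SSH key
- Fetch the SSH keys of a user
- Fetch all associated users
- Fetch an SSL certificate
- Fetch all SSL certificates
- Fetch the expiry dates of all SSL certificates
- Fetch SSL certificate details
- Fetch the SSL certificate keystore
- Fetch the SSL certificate passphrase
- Add an SSL certificate
- Delete an SSL certificate
- Perform SSL certificate discovery
- Perform SSL certificate discovery (a range of IP addresses)
- Create a CSR
- Get the list of CSRs
- Sign a CSR
- Create an SSL certificate
- Get the user ID
- Delete a user by user name
- Add a user to a user group
- Lock a user
- Unlock a user
- Import an SSH key
- Associate an SSH key
- Dissociate an SSH key
- Create a dynamic resource group
- Fetch audit details
- Share a resource with a user
- Share an account with a user
Note:
Every API call submitted to the PAM360 server must carry the authentication token in the request header.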
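1. Fetch resources owned by or shared with the user
Description
Fetches the resources owned by the API user or shared with the API user.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
GET
Input Data
None
Sample Request
curl -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources
Sample Output
In the output (as in the sample below), you get all the resources owned by, or shared with, the specified API user.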
{ "operation" : { "name" : "GET RESOURCES" , "result " : { "status" : "Success", "message" : "Resources fetched successfully" }, "totalRows":3, "Details": { { "RESOURCE DESCRIPTION":"CentOS Machine", "RESOURCE NAME":"CentOS Machine", "RESOURCE ID":"301", "RESOURCE TYPE":"Linux", "NOOFACCOUNTS" : "3" }, { "RESOURCE DESCRIPTION":"Cisco IOS Device", "RESOURCE NAME":"Cisco IOS Device", "RESOURCE ID":"302", "RESOURCE TYPE":"Cisco IOS", "NOOFACCOUNTS":"2" }, { "RESOURCE DESCRIPTION":"Weblogic Data Source Password", "RESOURCE NAME":"WebLogic Server", "RESOURCE ID":"303", "RESOURCE TYPE":"WebLogic Server", "NOOFACCOUNTS":"2" } } } }
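2. Fetch the accounts of a resource
Description
Fetches the list of accounts in a resource along with the resource details. The resource ID can be obtained by calling the API that fetches resource IDs.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/<Resource ID>/accounts
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
GET
Input Data
None
Sample Request
curl -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/303/accounts
Sample Output
In the output (as in the sample below), you get all the resources owned by, or shared with, the specified API user.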
{ "operation":{ "name":"GET RESOURCE ACCOUNTLIST", "result ":{ "status": "Success , "message":"Resource details with account list fetched successfully" }, "Details":{ "RESOURCE ID":"303", "RESOURCE NAME":"MSSQL server", "RESOURCE DESCRIPTION" :"WebLogic Data source password", "RESOURCE TYPE":"MS SQL server", "DNS NAME":" sqlserver-l", "PASSWORD POLICY":"Strong", "DEPARTMENT": "SQL Server DBA" , "LOCATION":"Level 10", "RESOURCE URL":"http://sqlserver-1/", "RESOURCE OWNER": "admin", "CUSTOM FIELD":{ "CUSTOMFIELDVALUE":"78336298", "CUSTOMFIELDTYPE":"Numeric", "CUSTOMFIELDLABEL":"License No" , "CUSTOMFIELDCOLUMNNAME":"COLUMN_LONG1" }, { "CUSTOMFIELDVALUE":"Sep 10, 2013", "CUSTOMFIELDTYPE" : "Date", "CUSTOMFIELDLABEL":" Installed Date", "CUSTOMFIELDCOLUMNNAME" "COLUMN_DATE1" }, { "CUSTOMFIELDVALUE":"Tese123$*%%, "CUSTOMFIELDTYPE":"Password", "CUSTOMFIELDLABEL":"Resource Password", "CUSTOMFIELDCOLUMNNAME":"COLUMN_SCHAR1" }, { "CUSTOMFIELDVALUE":"YES" "CUSTOMFIELDTYPE":"Character", "CUSTOMFIELDLABEL":"Secure Resource", "CUSTOMFIELDCOLUMNNAME":"COLUMN_CHAR1" } }, "ACCOUNT LIST": { { "ISFAVPASS": "false", "ACCOUNT NAME":"sysdba", "PASSWDID":"308", "PASSWORD STATUS":"[In Use]", "ACCOUNT ID":"308" }, { "ISFAVPASS":"false", "ACCOUNT NAME":"system", "PASSWDID":"307" "PASSWORD STATUS":"*****", "ACCOUNT ID":"307" } } } } }
Note: If password access control is enabled and the password is in use, the password status is shown as [In Use].
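3. Fetch account details
Description
Fetches the details of one account of a resource. You need the resource ID and the account ID to fetch this information.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/<Resource ID>/accounts/<Account ID>
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
GET
Input Data
None
Sample Request
curl -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/303/accounts/307
Sample Output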
{ "operation":{ "name":"GET RESOURCE ACCOUNT DETAILS", "result":{ "status":"Success", "message":"Account details fetched successfully" }, "Details":{ "DESCRIPTION":"", "LAST ACCESSED TIME":"N/A", "LAST MODIFIED TIME":"Sep 10, 2013 3:33 PM", "PASSWORD STATUS":"*****", "PASSWDID":"307", "CUSTOM FIELD":[ { "CUSTOMFIELDVALUE": "56455567", "CUSTOMFIELDTYPE":"Numeric", "CUSTOMFIELDLABEL":"Account LIC Number", "CUSTOMFIELDCOLUMNNAME":"COLUMN_LONG1" }, { "CUSTOMFIELDVALUE": "Sep 10, 2013", "CUSTOMFIELDTYPE":"Date", "CUSTOMFIELDLABEL":"Acc creation date", "CUSTOMFIELDCOLUMNNAME":"COLUMN_DATE1" }, { "CUSTOMFIELDVALUE": "Test12345", "CUSTOMFIELDTYPE":"Password", "CUSTOMFIELDLABEL":"Secondary Password", "CUSTOMFIELDCOLUMNNAME":"COLUMN_SCHAR1" }, { "CUSTOMFIELDVALUE": "YES", "CUSTOMFIELDTYPE":"Character", "CUSTOMFIELDLABEL":"Secure Account", "CUSTOMFIELDCOLUMNNAME":"COLUMN_CHAR1" } ] } } }
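4. Fetch the password of an account on a resource
Description
Fetches the password of an account on a resource. You need the resource ID and the account ID to fetch this information.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/<Resource ID>/accounts/<Account ID>/password
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
GET
Input Data
If your system is configured to require a reason when retrieving passwords, pass the parameter shown in the sample below. If ticketing system integration is also enabled, you must also supply the corresponding ticket ID for validation.
INPUT_DATA={"operation":{"Details":{"REASON":"Need the password to Login Windows Server","TICKETID":"7"}}}
Sample Request
curl -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/303/accounts/307/password
curl -X GET -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" -H "Content-Type: text/json" --url 'https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/303/accounts/307/password?INPUT_DATA=\{"operation":\{"Details":\{"REASON":"Need the password to Login Windows Server","TICKETID":"7"\}\}\}'
Sample Output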
{
"operation":{
"name":"GET PASSWORD",
"result":{
"status": "Success",
"message":"Password fetched successfully" },
"Details":{
"PASSWORD":"fqxdB7ded@4" }
}
}
Tip: If any problem occurs while retrieving the password, the reason is shown as part of the message.
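The password retrieval call above as a small Python client, added here as an example (it is not PAM360's own code). It URL-encodes INPUT_DATA instead of escaping braces by hand, keeps the token in the AUTHTOKEN header, verifies the server certificate rather than using curl's -k, and raises the API's message on failure. The environment variable PAM360_AUTHTOKEN, the host and port in the usage, and the failure sample are assumptions.

```python
import json
import os
import ssl
import urllib.parse
import urllib.request

API_ROOT = "/restapi/json/v1"


class PAM360Error(Exception):
    """Raised when the API reports a status other than Success."""


def build_password_request(host, port, resource_id, account_id, token,
                           reason=None, ticket_id=None):
    """Build the GET request for .../resources/<id>/accounts/<id>/password."""
    # IDs and port are forced to integers so nothing else can reach the path.
    url = "https://%s:%d%s/resources/%d/accounts/%d/password" % (
        host, int(port), API_ROOT, int(resource_id), int(account_id))
    details = {}
    if reason is not None:
        details["REASON"] = reason
    if ticket_id is not None:
        details["TICKETID"] = str(ticket_id)
    if details:
        # INPUT_DATA is JSON carried in the query string; urlencode() escapes
        # the braces, quotes and spaces that the curl samples escape by hand.
        payload = json.dumps({"operation": {"Details": details}},
                             separators=(",", ":"))
        url += "?" + urllib.parse.urlencode({"INPUT_DATA": payload})
    # The token travels only in the AUTHTOKEN header, never in the URL.
    return urllib.request.Request(url, method="GET",
                                  headers={"AUTHTOKEN": token})


def parse_password_response(body):
    """Return the PASSWORD value, or raise PAM360Error with the API message."""
    operation = json.loads(body).get("operation", {})
    result = operation.get("result", {})
    if result.get("status") != "Success":
        raise PAM360Error(result.get("message", "no message in response"))
    return operation["Details"]["PASSWORD"]


def fetch_password(host, port, resource_id, account_id, ca_file=None, **kwargs):
    """Send the request with certificate verification enabled."""
    token = os.environ["PAM360_AUTHTOKEN"]  # assumed variable name
    request = build_password_request(host, port, resource_id, account_id,
                                     token, **kwargs)
    # create_default_context() verifies the chain and host name; pass ca_file
    # when the PAM360 server certificate is issued by an internal CA.
    context = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(request, context=context, timeout=10) as resp:
        return parse_password_response(resp.read().decode("utf-8"))


# Sample output from this section of the page.
SAMPLE_OK = ('{"operation":{"name":"GET PASSWORD","result":{"status":"Success",'
             '"message":"Password fetched successfully"},'
             '"Details":{"PASSWORD":"fqxdB7ded@4"}}}')
# Constructed failure response (status value and message are assumptions).
SAMPLE_FAILED = ('{"operation":{"name":"GET PASSWORD","result":{"status":"Failed",'
                 '"message":"Constructed example: reason is required"}}}')
```

A call such as `fetch_password("pam.example.internal", 8282, 303, 307, reason="...", ticket_id=7)` returns the password string; host and port here are constructed values.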
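5. Change the password of an account
Description
Changes the password of an account on a resource. You need the resource ID and the account ID to do this. If ticketing system integration is also enabled, you must also supply the corresponding ticket ID for validation.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/<Resource ID>/accounts/<Account ID>/password
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
PUT
Input Data
Pass data such as the new password, the reset type, and the reason. The reset type is LOCAL or REMOTE.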
INPUT_DATA={
"operation":{
"Details":{
"NEWPASSWORD":"Test@12345$",
"RESETTYPE":"LOCAL",
"REASON":"Password Expired",
"TICKETID":"7"
}
}
}
Sample Request
curl -X PUT -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" -H "Content-Type: text/json" --url 'https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/303/accounts/307/password?INPUT_DATA=\{"operation":\{"Details":\{"NEWPASSWORD":"Test12345$","RESETTYPE":"LOCAL","REASON":"test","TICKETID":"7"\}\}\}'
Sample Output
{"operation":{"name":"CHANGE PASSWORD","result":{"status":"Success","message":"Password changed successfully" }
}
}
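Tip: If any problem occurs while changing the password, the reason is shown as part of the message.
6. Create a new resource
Description
Creates a new resource in PAM360.
Input Data
Pass data such as the resource name, account name, resource type, password, URL, description, notes, and any additional fields of the resource or account. The system supports 40 custom fields (20 each at the resource and account level). Of these fields, the resource name, account name, resource type, and password are mandatory.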
INPUT_DATA={
"operation":{
"Details":{
"RESOURCENAME":"Windows Server",
"ACCOUNTNAME":"Administrator",
"RESOURCETYPE":"Windows",
"PASSWORD":"Test123#@!",
"NOTES":"Testing API",
"RESOURCEURL":"http://windowsserver/adminconsole",
"RESOURCEPASSWORDPOLICY":"Strong",
"ACCOUNTPASSWORDPOLICY":"Strong",
"RESOURCECUSTOMFIELD":[
{
"CUSTOMLABEL":"Secure Resource",
"CUSTOMVALUE":"YES"
}
],
"ACCOUNTCUSTOMFIELD":[
{
"CUSTOMLABEL":"Secure Account",
"CUSTOMVALUE":"YES"
}
]
}
}
}
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
POST
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" -H "Content-Type: text/json" https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources -d 'INPUT_DATA={"operation":{"Details":{"RESOURCENAME":"Windows Server","ACCOUNTNAME":"Administrator","RESOURCETYPE":"Windows","PASSWORD":"Test@123","RESOURCEPASSWORDPOLICY":"Strong","ACCOUNTPASSWORDPOLICY":"Strong","RESOURCECUSTOMFIELD":[{"CUSTOMLABEL":"Secure Resource","CUSTOMVALUE":"YES"}],"ACCOUNTCUSTOMFIELD":[{ "CUSTOMLABEL":"Secure Account","CUSTOMVALUE":"YES"}]}}}'
Sample Output
{"operation":{
"name":"CREATE RESOURCE",
"result":{
"status":"Success",
"message":"Resource Windows Server has been added successfully"
}
}
}
Tip: If you want to add the new resource under an administrator/password administrator/privileged administrator, pass an additional parameter "OWNERNAME" that indicates the user under whom the resource should be added. When adding the resource to an AD user, the user name must be in the format "Domain-Name\\UserName".
INPUT_DATA={ "operation":{ "Details":{ "RESOURCENAME":"Windows Server", "ACCOUNTNAME":"Administrator", "RESOURCETYPE":"Windows", "PASSWORD":"Test@123", "NOTES":"Testing API", "RESOURCEURL":"http://windowsserver/adminconsole", "OWNERNAME":"admin", "RESOURCECUSTOMFIELD":[ { "CUSTOMLABEL":"Secure Resource", "CUSTOMVALUE":"YES" } ], "ACCOUNTCUSTOMFIELD":[ { "CUSTOMLABEL":"Secure Account", "CUSTOMVALUE":"YES" } ] } } }
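Tip: If you want to add the resource to a static resource group, use the parameter "RESOURCEGROUPNAME" to give the name of the resource group to add it to. If the group already exists, the resource is added to it; if it does not exist, the system creates the group automatically.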
INPUT_DATA={ "operation":{ "Details":{ "RESOURCENAME":"Windows Server", "ACCOUNTNAME":"Administrator", "RESOURCETYPE":"Windows", "PASSWORD":"Test123#@!", "NOTES":"Testing API", "RESOURCEURL":"http://windowsserver/adminconsole", "RESOURCEGROUPNAME":"Windows Servers", "RESOURCECUSTOMFIELD":[ { "CUSTOMLABEL":"Secure Resource", "CUSTOMVALUE":"YES" } ], "ACCOUNTCUSTOMFIELD":[ { "CUSTOMLABEL":"Secure Account", "CUSTOMVALUE":"YES" } ] } } }
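Tip: You can also add file resources to PAM360. To add a new file resource, change the value of the request's 'Content-Type' attribute as shown in the sample below. After that, you only need to submit the file along with the request.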
INPUT_DATA={ "operation":{ "Details":{ "RESOURCENAME":"Active Directory", "ACCOUNTNAME":"Administrator", "RESOURCETYPE":"License Store", "PASSWORD":"Test123#@!", "NOTES":"Testing API", "RESOURCEURL":"http://windowsserver/adminconsole" } } }
Sample Request
curl -X POST -k -H "Content-Type: multipart/form-data" -F 'file=@standalonesample.txt' -F 'INPUT_DATA={"operation":{"Details":{"RESOURCENAME":"Windows Server","ACCOUNTNAME":"Administrator","RESOURCETYPE":"File Store", "PASSWORD":"Test123#@!","NOTES":"Testing API","RESOURCEURL":"http://windowsserver/adminconsole"}}}' 'https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources?AUTHTOKEN=<<Authtoken-generated-from-PAM360>>'
7. Get the account ID and resource ID
Description
Gets the account ID and resource ID. You need to pass the resource name and the account name in the URL.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/getResourceIdAccountId?RESOURCENAME=(Resourcename)&ACCOUNTNAME=(Account name)
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
GET
Input Data
None
Sample Request
curl -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" "https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/getResourceIdAccountId?RESOURCENAME=MSSQLServer&ACCOUNTNAME=system"
Sample Output
{"operation":{"name":"GET_RESOURCEACCOUNTID","result":{"status":"Success","message":"Resource ID and account ID fetched successfully for the given resource name and account name." },
"Details":{"RESOURCEID":"303","ACCOUNTID":"307" }
}
}
8. Get the resource ID using the resource name
Description
Gets the resource ID. You need to pass the resource name in the URL.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/resourcename/{RESOURCENAME}
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
DELETE
Input Data
None
Sample Request
curl -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/resourcename/test
Sample Output
{"operation":{"name": "GET_RESOURCEID","result":{"status": "Success","message": "Resource ID fetched successfully for the given resource name."},
"Details":{"RESOURCEID": "1"}}}
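9. Delete a resource from PAM360
Description
Deletes a resource. You need to specify the resource ID, which can be obtained from the API that fetches resource IDs.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/{resourceid}
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
DELETE
Input Data
None
Sample Request
curl -X DELETE -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/307
Sample Output
{ "operation":{ "name":"DELETE RESOURCE", "result":{"status":"Success", "message":"Resources deleted successfully."}
}
}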
10. Request an administrator to approve password access
Description
Raises a request to the administrator for password access approval. You need to specify the account ID in the URL.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/accounts/{accountid}/requestpassword
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
POST
Input Data
If your system settings require a reason when requesting a password, set the parameter: INPUT_DATA= { "operation" : { "Details" : { "REASON" : "asdefefe"}}}
Sample Output
{ "operation":{ "Details":{
"PASSWDID":"1", "REASON":"Testing" }
}
}
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" -H "Content-Type: text/json" 'https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/accounts/7/requestpassword?INPUT_DATA=\{"operation":\{"Details":\{"REASON":"Testing"\}\}\}'
Sample Output
{ "operation":{
"name":"REQUEST_PASSWORD" ,"result":{"status":"Success" ,"message":"Request to view password have been raised successfully" },
"Details":{"STATUS" : "WAITING FOR APPROVAL / CHECKOUT"
}
}
}
11. Get the list of password requests
Description
Gets the list of password requests for approval or rejection.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/accounts/passwordaccessrequests
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
GET
Input Data
None
Sample Output
INPUT_DATA= { "operation" : { "Details" : { "REASON" : "Testing", "TICKETID" : "7"}}}
Sample Request
curl -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/accounts/passwordaccessrequests
Sample Output
{
"operation":{
"name":"GET_PASSWORDREQUEST"
"result":{
"status":"Success"
"message" : "Password Request fetched successfully"
}
"Details": {
"REQUESTER USERID":"2"
"REQUESTED BY":"guest"
"REQUESTED BY FULLNAME" : "Guest guest"
"PASSWORDREQUESTLIST" : [
{
"ACCOUNT ID" : "1"
"ACCOUNT NAME" : "ACCOUNT1"
"RESOURCE ID":"1"
"RESOURCE NAME":"apt-server1"
"PASSWD ID" : "1"
"STATUS":""
"REQUESTED TIME":"Nov 27
"REASON" : "For connecting the machine and update the PAM360 server".
}
{
"ACCOUNT ID" : "2"
"ACCOUNT NAME" : "ACCOUNT2"
"RESOURCE ID":"2"
"RESOURCE NAME":"apt-server2"
"PASSWD ID" : "2"
"STATUS":""
"REQUESTED TIME":"Nov 28
"REASON" : "For connecting the machine and update the PAM360 server".
}
]
}
}
}
Tip: The requester ID is the user ID of the user who requested password access.
12. Reject a password request
Description
Used by an administrator to reject a password request. This API requires the account ID and the requester ID.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/accounts/{accountid}/requester/{requesterid}/reject
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
POST
Sample Output
{ "operation":{ "Details":{ "PASSWDID":"1", "REQUESTEDID" : "2" (userid of the request raised user) } } }
Tip: The requester ID is the user ID of the user who requested password access.
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" -H "Content-Type: text/json" https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/accounts/7/requester/34/reject
Sample Output
{ "operation":{ "name" : "ADMIN_REQUEST_REJECT", "result" : {"status" : "Success", "message": "Password Rejected successfully" }
}
}
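13. Approve a password request
Description
Used by an administrator to approve a password request. This API requires the account ID and the requester ID.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/accounts/{accountid}/requester/{requesterid}/approve
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
POST
Input Data
None
Tip: The requester ID is the user ID of the user who requested password access. REQUESTEDID can be obtained from the API that gets password requests (REQUESTER USERID).
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" -H "Content-Type: text/json" https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/accounts/7/requester/34/approve
Sample Output
{ "operation" : { "name" : "ADMIN_REQUEST_APPROVE", "result" : { "status" : "Success", "message": "Password Approved successfully" }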
}
}
14. Check in a password approved by the administrator
Description
Checks in a password approved by the administrator. You need to pass the corresponding account ID and requester ID in the URL.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/accounts/{accountid}/requester/{requesterid}/checkin
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
POST
Input Data
{ "operation":{ "Details":{ "PASSWDID" : "1", "REQUESTEDID" : "2" (userid of the request raised user)
}
}
}
Tip: The requester ID is the user ID of the user who requested password access.
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" -H "Content-Type: text/json" https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/accounts/7/requester/34/checkin
Sample Output
{ "operation":{"name" : "ADMIN_REQUEST_CHECKIN", "result" : {"status" : "Success", "message" : "Password have been checked in successfully" }
}
}
15. Check out a password approved by the administrator
Description
Checks out a password approved by the administrator. You need to pass the corresponding account ID and requester ID in the URL.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/accounts/{accountid}/checkout
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
POST
Input Data
If the setting that requires a reason when checking out a password is enabled, add the following parameter to the input: INPUT_DATA= { "operation" : { "Details":{ "REASON" : "asdefefe"}}}
Sample Output
{ "operation":{ "Details":{ "REASON":"N/A" }
}
}
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" -H "Content-Type: text/json" 'https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/accounts/7/checkout?INPUT_DATA=\{"operation":\{"Details":\{"REASON":"N/A"\}\}\}'
Sample Output
{ "operation": { "name" : "REQUEST_CHECKOUT", "result" : { "status" : "Success", "message" : "Password have been checked out successfully" },
"Details":{"STATUS" : "***** [checkIn]" }
}
}
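16. Generate a password
Description
Generates a password using a password policy in PAM360.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/passwords/generate
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
GET
Input Data
INPUT_DATA={ "operation" : { "Details" : { "POLICY" : "Strong"}}}
Sample Output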
{
"operation": {
"name": "GENERATE PASSWORD",
"result": {
"status": "Success",
"message": "Password generated successfully." },
"Details": {
"PASSWORD": "u%mdh7gfN" }
}
}
17. Create a new user
Description
Adds a PAM360 user to the system.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/user
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
POST
Input Data
INPUT_DATA={"operation": {"Details":{"USERNAME":"jason1", "FIRSTNAME":"Jason","LASTNAME":"J","FULLNAME":"JasonThomas","EMAIL":"jason@opmanager.com","POLICY":"Strong","ROLE":"Password User","ISSUPERADMIN":"true|false","PASSWORD":"Test@123","DEPARTMENT":"NOC","LOCATION":"Level 10 - South Wing","ISAPIUSER":"false","HOSTNAME":"admin-2100","EXPIRYDATE":"yyyy-mm-dd|NeverExpires"}}}
Sample Output
{ "operation": { "name": "CREATE_USER", "result": { "status": "Success", "message": "User Created Successfully" } } }
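18. Edit a resource
Description
Edits a resource managed in the system.
URL
https://servername:port/restapi/json/v1/resources/{RESOURCEID}
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
PUT
Input Data
(Optional input parameters are marked in grey)
Sample Output
Tip: If you want to edit the resource type, include the parameter "RESOURCETYPE", which gives the name of the resource type. Note, however, that the resource type cannot be changed from Key Store, File Store, License Store, Rackspace, or AWS IAM to any other resource type, or vice versa.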
{ "operation" : { "Details": { "RESOURCENAME" : "Test", "LOCATION" : "4th floor", "RESOURCEURL" : "http://test", "RESOURCEPASSWORDPOLICY":"Strong", "DEPARTMENT" : "Test", "RESOURCEDESCRIPTION" : "Created for quality assurance", "RESOURCETYPE" : "Windows", "RESOURCECUSTOMFIELD" : [ { "CUSTOMLABEL" : "Secure Resource", "CUSTOMVALUE" : "YES" } ] } } }
Sample Request
curl -X PUT -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" -H "Content-Type: text/json" 'https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/1' -d 'INPUT_DATA={"operation":{"Details":{"RESOURCENAME":"Test","LOCATION":"4thfloor","RESOURCEURL":"http://test","RESOURCEPASSWORDPOLICY":"Strong","DEPARTMENT": "Test", "RESOURCEDESCRIPTION" : "Created for quality assurance", "RESOURCECUSTOMFIELD" : [{"CUSTOMLABEL" : "Secure Resource", "CUSTOMVALUE" : "YES" }]}}}'
Sample Output
{"operation":{ "name":"EDIT RESOURCE", "result":{"status":"Success","message":"Resource Test modified successfully."}}}
19. Delete an account on a specified resource
Description
Deletes an account on a specified managed resource.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/<Resource ID>/accounts/<Account ID>/
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
DELETE
Sample Request
curl -X DELETE -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" -H "Content-Type: text/json" 'https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/1/accounts/1'
Sample Output
{ "operation":{
"name":"DELETE ACCOUNT",
"result":{"status":"Success","message":"Account Test123 deleted successfully."}}}
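20. Fetch license keys, files, digital certificates, documents, images, etc.
Description
Fetches files, keys, certificates, and so on that are stored as a resource on their own or as part of another type of resource.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/<Resource ID>/accounts/<Account ID>/downloadfile
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
GET
Input Data
If the system is configured to require a reason when downloading files, pass the following parameters. If ticketing system integration is also enabled, you must also supply the corresponding ticket ID for validation.
{"operation":{
"Details":{
"REASON":"Need the key file to connect the remote host", // set this field if a reason is mandatory
"TICKETID":"7", // set the ticket ID if ticketing system integration is enabled
"ISCUSTOMFIELD":"true", // optional; set this if the item to download is an account/resource additional field of text type
"CUSTOMFIELDTYPE":"ACCOUNT / RESOURCE", // optional; must be set to ACCOUNT for an account additional field, or RESOURCE for a resource additional field
"CUSTOMFIELDLABEL" : "LicenseFIle" // optional; the name of the resource/account additional field
}
}
}
Sample Request
curl -i -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/1501/accounts/3601/downloadfile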
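21. Create accounts under a specified resource
Description
Creates multiple accounts under the specified resource ID.
Input Data
Pass the list of accounts, including each account's name, password, and description.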
INPUT_DATA={"operation":{
"Details":{
"ACCOUNTLIST": [
{
"ACCOUNTNAME":"bestest047",
"PASSWORD":"Pa$$Word@123",
"ACCOUNTPASSWORDPOLICY":"Strong",
"NOTES":"IT Security - BES PAM360 API Test"
},
{
"ACCOUNTNAME":"bestest048",
"PASSWORD":"Pa$$Word@123",
"ACCOUNTPASSWORDPOLICY":"Strong",
"NOTES":"IT Security - BES PAM360 API Test"
}
]
}
}
}
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/<Resource ID>/accounts
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
POST
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" -H "Content-Type: text/json" 'https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/1/accounts' -d 'INPUT_DATA={"operation":{ "Details":{ "ACCOUNTLIST": [{ "ACCOUNTNAME": "bestest047","PASSWORD":"Pa$$Word@123","ACCOUNTPASSWORDPOLICY":"Strong","NOTES":"IT Security - BES PAM360 API Test"},{"ACCOUNTNAME":"bestest048", "PASSWORD":"Pa$$Word@123","ACCOUNTPASSWORDPOLICY":"Strong","NOTES":"IT Security - BES PAM360 API Test"}]}}}'
Sample Output
{"operation":
{"name":"ADD ACCOUNTS","result":
{"status":"Success","message":"Account added successfully"},
"Details":[
{"bestest047":{"STATUS":"Account added successfully"},
"bestest048":{"STATUS":"Account added successfully"}}]}}
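22. Edit an account under a specified resource
Description
Edits an account under a specified resource.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/<Resource ID>/accounts/<Account ID>/
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
PUT
Sample Output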
{ "operation" : {"Details" : {
"ACCOUNTNAME" : "Test account",
"ACCOUNTPASSWORDPOLICY":"Strong",
"NOTES":"Created for quality assurance",
"ACCOUNTCUSTOMFIELD" : [
{
"CUSTOMLABEL" : "Secure Account",
"CUSTOMVALUE" : "YES"
}
]
}
}
}
Sample Request
curl -X PUT -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" -H "Content-Type: text/json" 'https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/resources/1/accounts/1' -d 'INPUT_DATA={"operation":{ "Details":{"ACCOUNTNAME" : "Test account","ACCOUNTPASSWORDPOLICY":"Strong","NOTES":"Created for quality assurance", "ACCOUNTCUSTOMFIELD" : [{"CUSTOMLABEL" : "Secure Account", "CUSTOMVALUE" : "YES"}]}}}'
Sample Output
{"operation":{ "name":"EDIT ACCOUNT", "result":{"status":"Success","message":"Account Test account modified successfully"}}}
23. Delete a user
Description
Deletes a specified PAM360 user.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/user/{userid}
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
DELETE
Sample Request
curl -X DELETE -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" -H "Content-Type: text/json" https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/user/307
Sample Output
{"operation":{"name":"DELETE USER","result":{"status":"Success","message":"User Michael deleted Successfully"} } }
24. Create an API user
Description
Creates an API user.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/restapi/json/v1/user
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
POST
Input Data
INPUT_DATA={"operation":{"Details":{"USERNAME":"jason","FULLNAME":"Jason Thomas","EMAIL":"jason@opmanager.com","POLICY":"Strong","ROLE":"Password User","ISSUPERADMIN":"true|false","DEPARTMENT":"NOC","LOCATION":"Level 10 - South Wing","ISAPIUSER":"true","HOSTNAME":"admin-2100","EXPIRYDATE":"yyyy-mm-dd|NeverExpires"}}}
Sample Output
{"operation":{"name":"CREATE_USER","result":{"status":"Success","message":"SUCCESS"},
"Details":{"AUTHTOKEN":"7DxxxAB-CAxxB-44xx5-8xx9-9317xxxxxEF0"}}}
25. Create a new SSH key
Description
Creates a new SSH key.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/createsshkey
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
POST
Input Data
The following data must be passed:
{"operation":{"Details":{"keyName":"keytest",
"passPhrase":"passPhrase",
"comment":"comment",
"length":"2048",
"keyType":"ssh-rsa"}}}
Sample Request
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/createsshkey?INPUT_DATA={"operation":{"Details":{"keyName":"keytest","passPhrase":"passPhrase","comment":"comment","length":"2048","keyType":"ssh-rsa"}}}
Sample Response
{ "name": "CreateSSHKey",
"result": {
"status": "Success",
"message": "New SSH key created successfully" }
}
Tip: The following key types can be used to create SSH keys:
- ssh-rsa (key length: 1024/2048/4096)
- ssh-dss (key length: 1024)
- ed25519 (none)
- ecdsa (key length: 256/384/521)
26. Delete an SSH key
Description
Deletes a specific SSH key.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/deleteSSHKey
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
DELETE
Input Data
The following data must be passed:
{"operation":{"Details":{"key_name":"newkey1","withoutDisassociation":"true"}}}
Sample Request
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/deleteSSHKey?INPUT_DATA={"operation":{"Details":{"key_name":"newkey1","withoutDisassociation":"true"}}}
Sample Response
{ "name": "DeleteSSHKey","result": { "status": "Success","message": "SSH keys newkey1 deleted successfully"}}
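27. Fetch all SSH keys
Description
Fetches all discovered SSH keys.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getAllSSHKeys
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
GET
Input Data
None
Sample Request
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getAllSSHKeys
Sample Response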
{ "name": "GetAllSSHKeys", "result": { "status": "Success", "message": "All SSH Keys fetched successfully" }, "totalRows": 1, "details": [ { "KeyName": "testkey", "KeyType": "ssh-rsa", "KeyLength": "2048", "FingerPrint": "SHA256:v28/AlRYrpBKjAp4JoTRphLOkFdVb1ummVcyFHSfC5I", "isPassphraseAvailable": false, "CreatedBy": "mm", "CreationTime": "Today" } ] }
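28. Fetch a specific SSH key
Description
Fetches a specific SSH key from the discovered SSH keys.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getSSHKey
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
POST
Input Data
The operation name and the key name must be passed as input parameters:
{"operation":{"Details":{"keyName":"key"}}}
Sample Request
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getSSHKey?INPUT_DATA={"operation":{"Details":{"keyName":"key"}}}
Sample Response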
{ "name": "GetSSHKey", "result": { "status": "Success", "message": "SSH Key testkey fetched successfully" }, "details": [ { "KeyName": "testkey", "KeyType": "ssh-rsa", "KeyLength": "2048", "FingerPrint": "SHA256:v28/AlRYrpBKjAp4JoTRphLOkFdVb1ummVcyFHSfC5I", "isPassphraseAvailable": false, "CreatedBy": "mm", "CreationTime": "Today" } ] }
29. Export an SSH key
Description
Exports a specified SSH key.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/exportSSHKey
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
POST
Input Data
The operation name and the key name must be passed as input parameters:
{"operation":{"Details":{"keyName":"key"}}}
Sample Request
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/exportSSHKey?INPUT_DATA={"operation":{"Details":{"keyName":"key"}}}
Sample Response
Key file
30. Fetch the SSH keys of a user
Description
Fetches all SSH keys associated with a specified user.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getSSHkeysforuser
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
GET
Input Data
The user name and the resource name must be passed as input parameters:
{"operation":{"Details":{"userName":"test","resourceName":"172.21.xxx.xx"}}}
Sample Request
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getSSHkeysforuser?&INPUT_DATA={"operation":{"Details":{"userName":"test","resourceName":"172.21.xxx.xx"}}}
Sample Response
{ "name": "GetSSHKeysForUser", "result": { "status": "Success", "message": "SSH keys for user test of resource pmp-centos6 fetched successfully" }, "details": "testkey,testkey1" }
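31. Fetch all associated users
Description
Fetches all users associated with SSH keys.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getAllAssociatedUsers
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
GET
Input Data
None
Sample Request
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getAllAssociatedUsers
Sample Response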
{ "name": "GetAllAssociatedUsers", "result": { "status": "Success", "message": "All associated users fetched successfully" }, "totalRows": 1, "details": [ { "UserName": "test", "ResourceName": "pmp-centos6" } ] }
32. Fetch an SSL certificate
Description
Fetches a certificate from the PAM360 certificate repository.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getCertificate
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
GET
Input Data
The operation details and the certificate name must be passed as input parameters:
{"operation": { "Details" : { "common_name" : "*.google.com","serial_number":"XXXXXXXXXXXXXX"}}} // optional to provide serial number to fetch certificate details
Sample Request
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getCertificate?INPUT_DATA={"operation":{"Details":{"common_name":"*.google.com","serial_number":"XXXXXXXXXXXXXX"}}}
Sample Response
Certificate object
33. Fetch all SSL certificates
Description
Fetches all certificates from the PAM360 certificate repository.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getAllSSLCertificates
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
GET
Input Data (optional)
INPUT_DATA={"operation":{"Details":{"withExpiryDaysLessThan":"500","withKeyLength":"1024","withSignatureAlgorithm":"SHA1"}}}
Sample Request
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getAllSSLCertificates?INPUT_DATA={"operation":{"Details":{"withExpiryDaysLessThan":"500","withKeyLength":"1024","withSignatureAlgorithm":"SHA1"}}}
Sample Response
{ "name": "GetAllSSLCertificates", "result": { "status": "Success", "message": "All SSL Certificates fetched successfully" }, "totalRows": 2, "details": [ { "CertID": 1, "DNS Name/FQDN": "paytm.com", "Port": 443, "Common Name": "*.paytm.com", "Issuer": "GeoTrust Inc.", "FromDate": "Oct 13, 2015", "ExpiryDate": "Aug 27, 2017", "KeyStrength": "2048", "SignatureAlgorithm": "SHA256withRSA" }, { "CertID": 302, "DNS Name/FQDN": "204.141.32.155", "Port": 443, "Common Name": "*.zoho.com", "Issuer": "Sectigo Limited", "FromDate": "Jul 2, 2019", "ExpiryDate": "Apr 30, 2021", "KeyStrength": "2048", "SignatureAlgorithm": "SHA256withRSA" } ] }
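An added example (not part of the PAM360 documentation) that audits a GetAllSSLCertificates response on the client side for the same three properties the optional filters above select on: days to expiry, key length, and signature algorithm. The first two entries in the embedded response are the sample above; the third entry is constructed, and the thresholds and the "Mon DD, YYYY" date format are assumptions taken from the sample.

```python
import json
from datetime import date, datetime

# The first two entries come from the sample response above; the third
# (legacy.example.test) is constructed to exercise the key and signature checks.
SAMPLE_RESPONSE = """
{ "name": "GetAllSSLCertificates",
  "result": { "status": "Success",
              "message": "All SSL Certificates fetched successfully" },
  "totalRows": 3,
  "details": [
    { "CertID": 1, "DNS Name/FQDN": "paytm.com", "Port": 443,
      "Common Name": "*.paytm.com", "Issuer": "GeoTrust Inc.",
      "FromDate": "Oct 13, 2015", "ExpiryDate": "Aug 27, 2017",
      "KeyStrength": "2048", "SignatureAlgorithm": "SHA256withRSA" },
    { "CertID": 302, "DNS Name/FQDN": "204.141.32.155", "Port": 443,
      "Common Name": "*.zoho.com", "Issuer": "Sectigo Limited",
      "FromDate": "Jul 2, 2019", "ExpiryDate": "Apr 30, 2021",
      "KeyStrength": "2048", "SignatureAlgorithm": "SHA256withRSA" },
    { "CertID": 9001, "DNS Name/FQDN": "legacy.example.test", "Port": 443,
      "Common Name": "legacy.example.test", "Issuer": "Constructed CA",
      "FromDate": "Jan 1, 2021", "ExpiryDate": "Dec 31, 2030",
      "KeyStrength": "1024", "SignatureAlgorithm": "SHA1withRSA" }
  ] }
"""

WEAK_SIGNATURE_PREFIXES = ("SHA1", "MD5", "MD2")


def audit_certificates(body, today, warn_days=30, min_key_bits=2048):
    """Map each certificate's Common Name to a list of issues (if any)."""
    doc = json.loads(body)
    if doc.get("result", {}).get("status") != "Success":
        raise ValueError(doc.get("result", {}).get("message", "request failed"))
    report = {}
    for cert in doc.get("details", []):
        issues = []
        raw_expiry = cert.get("ExpiryDate", "")
        try:
            expiry = datetime.strptime(raw_expiry, "%b %d, %Y").date()
        except ValueError:
            # Do not treat an unreadable date as "fine"; surface it instead.
            issues.append("unparseable expiry date %r" % raw_expiry)
        else:
            days_left = (expiry - today).days
            if days_left < 0:
                issues.append("expired on %s" % raw_expiry)
            elif days_left <= warn_days:
                issues.append("expires in %d days" % days_left)
        # KeyStrength arrives as a string in the sample response.
        try:
            key_bits = int(cert.get("KeyStrength", ""))
        except ValueError:
            issues.append("unknown key length")
        else:
            if key_bits < min_key_bits:
                issues.append("key length %d below %d" % (key_bits, min_key_bits))
        algorithm = cert.get("SignatureAlgorithm", "")
        if algorithm.upper().startswith(WEAK_SIGNATURE_PREFIXES):
            issues.append("weak signature algorithm %s" % algorithm)
        if issues:
            report[cert.get("Common Name", "<no common name>")] = issues
    return report


if __name__ == "__main__":
    for name, issues in audit_certificates(SAMPLE_RESPONSE, date.today()).items():
        print(name, "->", "; ".join(issues))
```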
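34. Fetch the expiry dates of all SSL certificates
Description
Fetches the expiry dates of all SSL certificates.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getAllSSLCertsExpiryDate
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
GET
Input Data
None
Sample Request
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getAllSSLCertsExpiryDate
Sample Response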
{ "name": "GetAllSSLCertificatesExpiryDate", "result": { "status": "Success", "message": "Certificates expiry date fetched successfully" }, "totalRows": 2, "details": [ { "Common Name": "*.paytm.com", "ExpiryDate": "Aug 27, 2017" }, { "Common Name": "*.zoho.com", "ExpiryDate": "Apr 30, 2021" } ] }
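35. Fetch SSL certificate details
Description
Fetches the details of a certificate.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getCertificateDetails
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
GET
Input Data
The operation details and the certificate name must be passed as input parameters:
{"operation": {"Details":{"common_name":"*.google.com"}}}
Sample Request
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getCertificateDetails?INPUT_DATA={"operation": {"Details":{"common_name":"*.google.com"}}}
Sample Response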
{ "name": "GetCertificateDetails", "result": { "status": "Success", "message": "Details of certificate *.zoho.com fetched successfully" }, "details": [ { "certtype": "Domain", "certificateTemplate": "N/A", "endpoint": { "hostName": "*.zoho.com", "port": "443", "expiry_date": "2021-04-30 05:29:59.0", "from_date": "2019-07-02 05:30:00.0", "certSignAlg": "SHA256withRSA", "Sans": "*.zoho.com,zoho.com", "serial": "8c0b04e91a1796d86d1de5e89c8b3c5c", "fingerPrint": "aeecb6227dc8adef18a8fb99465739996e2782a8", "keyalg": "RSA", "PublicKeyLength": 2048, "PrivateKey": false, "isAWS": false }, "isCertInstalledMulipleServers": false, "issuer": { "cname": "Sectigo RSA Domain Validation Secure Server CA", "org": "Sectigo Limited", "orgunit": "-" }, "issuedto": { "cname": "*.zoho.com", "org": "-", "orgunit": "Domain Control Validated" }, "intermediate": {}, "ipaddress": "204.141.32.155", "CertificateId": "302" } ] }
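36. Fetch the SSL certificate keystore
Description
Fetches the keystore file of a specified certificate.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getCertificateKeyStore
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
GET
Input Data
The operation name and the common name of the keystore file must be passed as input parameters:
{"operation" : { "Details" : {"common_name" : "apitest","serial_number":"XXXXXXXXXXXXXX"}}} // optionally provide the serial number to fetch the keystore file
Sample Request
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getCertificateKeyStore?INPUT_DATA={"operation":{"Details":{"common_name":"apitest","serial_number":"XXXXXXXXXXXXXX"}}}
Sample Response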
KeyStore File Object
37. Fetch the SSL certificate passphrase
Fetches the private key passphrase of a certificate.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getCertificatePassphrase
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
GET
Input Data
The following data must be passed:
{"operation":{"Details":{"common_name":"mycert","serial_number":"XXXXXXXXXXXXXX"}}}
Sample Request
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/getCertificatePassphrase?INPUT_DATA={"operation":{"Details":{"common_name":"mycert","serial_number":"XXXXXXXXXXXXXX"}}}
Sample Response
{ "name": "GetCertificatePassphrase","result": {"status": "Success","message": "Private key passphrase of certificate mycert is 123456789"}}
38. Add an SSL certificate
Adds an SSL certificate to the PAM360 certificate repository.
URL
https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/addCertificate
Header
AUTHTOKEN=<<Authtoken-generated-from-PAM360>>
HTTP Method
POST
Input Data
The following data must be passed:
Input data: {"operation":{"Details":{"fileType":"KEYSTORE","PASSWORD":"PASSWORD"}}}
Tip: The file type in the input data can be CERTFILE or KEYSTORE. For the CERTFILE file type, the PASSWORD field need not be specified.
Sample Request
curl -X POST -k -H "AUTHTOKEN:<<Authtoken-generated-from-PAM360>>" -H 'Content-Type: multipart/form-data' -F INPUT_DATA='{"operation":{"Details":{"fileType":"KEYSTORE","PASSWORD":"PASSWORD"}}}' -F File=@D:/certs/newcert.keystore https://<PAM360-Host-Name-or-IP-Address>:<Port>/api/pki/restapi/addCertificate
Sample Response
{
"name": "AddCertificate",
"result":
{"Status":"Success",
"Message": "Certificate newcert.com added successfully"}
}
39. Delete an SSL certificate
Description
Deletes a certificate from the PAM360 certificate repository.
URL
https://<PAM360 host name or IP address>:<port>/api/pki/restapi/deleteCertificate
Header
AUTHTOKEN=<<token generated from PAM360>>
HTTP method
DELETE
Input data
The operation name and the common name of the certificate must be passed as parameters:
{"operation": {"Details":{"common_name" : "apitest","serial_number" : "XXXXXXXXXXXXXX"}}}
Note: serial_number is optional; supply it to delete the certificate by serial number.
Sample request
https://<PAM360 host name or IP address>:<port>/api/pki/restapi/deleteCertificate?INPUT_DATA={"operation": {"Details":{"common_name":"apitest","serial_number":"XXXXXXXXXXXXXX"}}}
Sample response
{"name":"DeleteCertificate","result":{"status":"Success","message":"Certificate apitest deleted successfully."}}
40. Perform SSL certificate discovery
Description
Discovers a specified SSL certificate.
URL
https://<PAM360 host name or IP address>:<port>/api/pki/restapi/sslCertSingleDiscovery
Header
AUTHTOKEN=<<token generated from PAM360>>
HTTP method
POST
Input data
The host name or IP address and the port number must be passed as parameters:
{"operation":{"Details":{"HOST":"de-ubuntu10-1","TIMEOUT":"300","PORT":"<port>"}}}
Sample request
https://<PAM360 host name or IP address>:<port>/api/pki/restapi/sslCertSingleDiscovery?INPUT_DATA={"operation":{"Details":{"HOST":"de-ubuntu10-1","TIMEOUT":"300","PORT":"<port>"}}}
Sample response
{ "name": "Get SSL Discovery", "totalRows": 1, "details": { "zoho.com": [ "SUCCESS", "SSL Certificate already available, *.zoho.com certificate found at port 443" ] } }
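41. Perform SSL certificate discovery (an IP address range)
Description
Discovers a set of SSL certificates.
URL
https://<PAM360 host name or IP address>:<port>/api/pki/restapi/sslCertRangeDiscovery
Header
AUTHTOKEN=<<token generated from PAM360>>
HTTP method
POST
Input data
The start and end IP addresses, the port number and the timeout must be passed as parameters: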
{"operation":{"Details":{"StartIpAddress":"192.xxx.xxx.x",
"EndIpAddress":"192.xxx.xxx.x",
"TIMEOUT":"3",
"PORT":"443"}}}
Sample request
https://<PAM360 host name or IP address>:<port>/api/pki/restapi/sslCertRangeDiscovery?INPUT_DATA={"operation":{"Details":{"StartIpAddress":"192.xxx.xxx.0","EndIpAddress":"192.xxx.xxx.3","TIMEOUT":"3","PORT":"443"}}}
Sample response
{ "name": "Get SSL Discovery", "totalRows": 4, "details": { "192.168.216.1": [ "FAILURE", "Connection failed,no certificate found at port 443" ], "192.168.216.0": [ "FAILURE", "Connection timed out,no certificate found at port 443" ], "192.168.216.2": [ "FAILURE", "Connection timed out,no certificate found at port 443" ], "192.168.216.3": [ "FAILURE", "Connection timed out,no certificate found at port 443" ] } }
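42. Create a CSR
Description
Creates a certificate signing request.
URL
https://<PAM360 host name or IP address>:<port>/api/pki/restapi/createCSR
Header
AUTHTOKEN=<<token generated from PAM360>>
HTTP method
POST
Input data
The following data must be passed as parameters: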
{"operation":{"Details":{"CNAME":"mytestcert",
"ALT_NAMES":"test",
"ORGUNIT":"zohocorp",
"ORG":"manageengine",
"LOCATION":"chennai",
"STATE":"Tamilnadu",
"COUNTRY":"IN",
"PASSWORD":"zohocorp",
"VALIDITY":"888",
"VALIDITY_TYPE":"days",
"ALG":"RSA",
"LEN":"4096",
"SIGALG":"SHA256",
"StoreType":"PKCS12"}}}
Sample request
https://<PAM360 host name or IP address>:<port>/api/pki/restapi/createCSR?INPUT_DATA={"operation":{"Details":{"CNAME":"mytestcert", "ALT_NAMES":"test", "ORGUNIT":"zohocorp", "ORG":"manageengine", "LOCATION":"chennai", "STATE":"Tamilnadu","COUNTRY":"IN", "PASSWORD":"zohocorp", "VALIDITY":"888", "VALIDITY_TYPE":"days", "ALG":"RSA", "LEN":"4096", "SIGALG":"SHA256", "StoreType":"PKCS12"}}}
Sample response
{"name":"CreateCertificate","result":{"status":"Success","message":"CSR saved successfully"}}
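43. Get the CSR list
Description
Fetches the list of CSRs.
HTTP method
GET
Input data
INPUT_DATA={"operation":{"Details":{"common_name":"testcsr"}}} (optional)
Note: Without INPUT_DATA, all CSRs are fetched. With INPUT_DATA specifying the common name of a CSR, only that CSR is fetched.
Header
AUTHTOKEN=<<token generated from PAM360>>
Sample request
https://<HostName>:7272/api/pki/restapi/getCSRList
Sample response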
{ "name": "GetCSRList", "result": { "status": "Success", "message": "Fetched all CSRs successfully" }, "totalRows": 1, "details": [ { "CREATED_BY": "admin", "KEYALGORITHM": "RSA", "KEYSTORE_TYPE": "JKS", "isPassword": true, "CSR_ID": 1, "CREATED_DATE": "May 15, 2020 19:51", "LOGIN_ID": 301, "KEY_STRENGTH": 2048, "DOMAIN_NAME": "testcsr", "VALIDITY": "30", "SIGNATURE_ALGORITHM": "SHA256withRSA" } ] }
44. Sign a CSR
Description
Signs a CSR.
HTTP method
POST
Header
AUTHTOKEN=<<token generated from PAM360>>
Input data
INPUT_DATA={"operation":{"Details":{"serverName":"pam360-w12r2-1","caName":"pam360-w12r2-1-ca","templateName":"DomainController","CSR_ID":"1"}}}
Sample request
https://<HostName>:7272/api/pki/restapi/signCSR
Sample response
{"name":"SignCSR","result":{"status": "Success","message":"Successfully testdomain.com certificate signed"}}
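45. Create an SSL certificate
Description
Creates an SSL certificate.
URL
https://<PAM360 host name or IP address>:<port>/api/pki/restapi/createCertificate
Header
AUTHTOKEN=<<token generated from PAM360>>
HTTP method
POST
Input data
The following data must be passed as parameters: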
{"operation":{"Details":{"CNAME":"mytestcert",
"ALT_NAMES":"test",
"ORGUNIT":"zohocorp",
"ORG":"manageengine",
"LOCATION":"chennai",
"STATE":"Tamilnadu",
"COUNTRY":"IN",
"PASSWORD":"zohocorp",
"VALIDITY":"888",
"VALIDITY_TYPE":"days",
"ALG":"RSA",
"LEN":"4096",
"SIGALG":"SHA256",
"StoreType":"PKCS12"}}}
Sample request
https://
Sample response
{"name":"CreateCertificate","result":{"status":"Success","message":"Certificate saved successfully"}}
46. Get a user ID
Description
Fetches the ID of a user by user name.
URL
https://<PAM360 host name or IP address>:<port>/restapi/json/v1/user/getUserId
Header
AUTHTOKEN=<<token generated from PAM360>>
orgName=<<display name of the organization>>
HTTP method
GET
Input data
None
Sample request
https://<PAM360 host name or IP address>:<port>/restapi/json/v1/user/getUserId?USERNAME=user1
Sample response
{ "operation": { "name":"get_USERID", "result": { "status":"Success","message":"User Id for the specified username have been fetched successfully"},"Details":{"USERID":"1"}}}
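47. Delete a user by user name
Description
Deletes a user by user name.
URL
https://<PAM360 host name or IP address>:<port>/restapi/json/v1/user?USERNAME=(username)
Header
AUTHTOKEN=<<token generated from PAM360>>
orgName=<<display name of the organization>>
HTTP method
DELETE
Input data
None
Sample request
https://<PAM360 host name or IP address>:<port>/restapi/json/v1/user?USERNAME=admin1
Sample response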
{"operation":{"name":"DELETE USER","result":{"status":"Success","message":"User admin1 deleted successfully"}}}
48. Add a user to a user group
Description
Adds a user to a user group, given the user name and the user group name.
URL
https://<PAM360 host name or IP address>:<port>/restapi/json/v1/user/addUserToUserGroup?USERNAME=(username)&USERGROUPNAME=(usergroupname)
Header
AUTHTOKEN=<<token generated from PAM360>>
orgName=<<display name of the organization>>
HTTP method
POST
Input data
None
Sample request
https://<PAM360 host name or IP address>:<port>/restapi/json/v1/user/addUserToUserGroup?USERNAME=admin1&USERGROUPNAME=TestGroup
Sample response
{"operation":{"name":"ADD USER TO USERGROUP","result":{"status":"Success","message":"User admin1 added to User Group TestGroup successfully"}}}
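49. Lock a user
Description
Locks a user by user name.
URL
https://<PAM360 host name or IP address>:<port>/restapi/json/v1/user/lock?USERNAME=(username)
Header
AUTHTOKEN=<<token generated from PAM360>>
orgName=<<display name of the organization>>
HTTP method
PUT
Input data
None
Sample request
https://<PAM360 host name or IP address>:<port>/restapi/json/v1/user/lock?USERNAME=apiuser
Sample response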
{"operation":{"name":"LOCK USER","result":{"status":"Success","message":"User account apiuser locked successfully."}}}
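50. Unlock a user
Description
Removes the locked state of a user by user name.
URL
https://<PAM360 host name or IP address>:<port>/restapi/json/v1/user/unlock?USERNAME=(username)
Header
AUTHTOKEN=<<token generated from PAM360>>
orgName=<<display name of the organization>>
HTTP method
PUT
Input data
None
Sample request
https://<PAM360 host name or IP address>:<port>/restapi/json/v1/user/unlock?USERNAME=apiuser
Sample response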
{"operation":{"name":"UNLOCK USER","result":{"status":"Success","message":"User account apiuser unlocked successfully. "}}}
51. Import an SSH key
Description
Imports an SSH key.
URL
https://<PAM360 host name or IP address>:<port>/api/pki/restapi/addSSHKey
Header
AUTHTOKEN=<<token generated from PAM360>>
HTTP method
POST
Input data
The following data must be passed as parameters:
{ "operation": { "Details": { "keyName":"testkey","passphrase":"passtrix" } } }
Sample request
curl -X POST -k -H "AUTHTOKEN:<<token generated from PAM360>>" -H 'Content-Type: multipart/form-data' -F INPUT_DATA='{"operation":{"Details":{"keyName":"testkey","passphrase":"passtrix"}}}' -F File=@D:/certs/keys/test1-passtrix/test1_Jul-21-2017-15_56.key https://<PAM360 host name or IP address>:<port>/api/pki/restapi/addSSHKey
Sample response
{ "name":"addSSHKey","result": { "status":"SUCCESS","message":"Key imported successfully" } }
52. Associate an SSH key
Description
Associates an SSH key.
URL
https://<PAM360 host name or IP address>:<port>/api/pki/restapi/associateKey
Header
AUTHTOKEN=<<token generated from PAM360>>
HTTP method
POST
Input data
The following data must be passed as parameters:
{ "operation": { "Details": { "keyName":"testkey","resourceName":"test.csez.zohocorpin.com","userName":"test" } } }
Sample request
https://<PAM360 host name or IP address>:<port>/api/pki/restapi/associateKey?INPUT_DATA={"operation":{"Details":{"keyName":"testkey","resourceName":"test.csez.zohocorpin.com","userName":"test"}}}
Sample response
{ "name": "associateKey", "result":
{ "status": "Success", "message": "Key associated successfully"
}
}
53. Dissociate an SSH key
Description
Dissociates an SSH key.
URL
https://<PAM360 host name or IP address>:<port>/api/pki/restapi/dissociateKey
Header
AUTHTOKEN=<<token generated from PAM360>>
HTTP method
POST
Input data
The following data must be passed as parameters:
{ "operation": { "Details": { "keyName":"testkey","resourceName":"test.csez.zohocorpin.com","userName":"test" } } }
Sample request
https://<PAM360 host name or IP address>:<port>/api/pki/restapi/dissociateKey?INPUT_DATA={"operation":{"Details":{"keyName":"testkey","resourceName":"test.csez.zohocorpin.com","userName":"test"}}}
Sample response
{ "name": "dissociateKey", "result": { "status": "SUCCESS", "message": "Key dissociated successfully." } }
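The sample responses above come in two envelopes (a top-level "name"/"result" for /api/pki/restapi, an "operation" wrapper for /restapi/json/v1) and spell the status field three ways ("status":"Success", "status":"SUCCESS", "Status":"Success"). The following is an added example, not PAM360 code: a client-side helper that percent-encodes INPUT_DATA and normalizes those responses, failing closed on anything that is not an explicit success. The host pam360.example and the FAILED body are constructed for illustration.

```python
import json
from urllib.parse import urlencode

def build_url(base, path, details=None):
    """Request URL with INPUT_DATA serialized as JSON and percent-encoded."""
    url = base.rstrip("/") + path
    if details is None:
        return url
    payload = json.dumps({"operation": {"Details": details}}, separators=(",", ":"))
    return url + "?" + urlencode({"INPUT_DATA": payload})

def parse_result(body):
    """Normalize the two response envelopes and the status casing variants."""
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise ValueError("response is not a JSON object")
    env = doc.get("operation", doc)  # /restapi/json/v1 wraps the body in "operation"
    if not isinstance(env, dict) or not isinstance(env.get("result"), dict):
        raise ValueError("unrecognized response envelope")
    result = {k.lower(): v for k, v in env["result"].items()}  # "Status" vs "status"
    return {
        "name": env.get("name"),
        # Fail closed: only an explicit success counts as ok.
        "ok": str(result.get("status", "")).strip().lower() == "success",
        "message": result.get("message", ""),
        "details": env.get("Details", env.get("details")),
    }

# Responses as shown on this page; FAILED is constructed for illustration.
PKI_LOWER = '{"name":"DeleteCertificate","result":{"status":"Success","message":"Certificate apitest deleted successfully."}}'
PKI_UPPER = '{"name":"addSSHKey","result":{"status":"SUCCESS","message":"Key imported successfully"}}'
PKI_TITLE = '{"name":"AddCertificate","result":{"Status":"Success","Message":"Certificate newcert.com added successfully"}}'
V1_WRAPPED = ('{"operation":{"name":"get_USERID","result":{"status":"Success","message":'
              '"User Id for the specified username have been fetched successfully"},'
              '"Details":{"USERID":"1"}}}')
FAILED = '{"name":"DeleteCertificate","result":{"status":"Failed","message":"constructed failure"}}'

if __name__ == "__main__":
    # pam360.example is a constructed host name; 7272 is the port used in the samples.
    print(build_url("https://pam360.example:7272", "/api/pki/restapi/getCSRList",
                    {"common_name": "testcsr"}))
    for body in (PKI_LOWER, PKI_UPPER, PKI_TITLE, V1_WRAPPED, FAILED):
        print(parse_result(body))
```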
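54. Create a dynamic resource group
Description
Creates a dynamic resource group in PAM360.
URL
https://<PAM360 host name or IP address>:<port>/restapi/json/v1/resourcegroup
Header
AUTHTOKEN=<<token generated from PAM360>>
HTTP method
POST
Input data
The following data must be passed as parameters: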
{
"operation": {
"Details": {
"critgroup": "CG1",
"critdesc": "description about CG1",
"RuleCriteria": "Low",
"NoHelpDeskRetrieval": "false",
"andor": "and",
"NoOfCriteria": 2,
"condition_1": "RESOURCENAME",
"operator_1": "CONTAINS",
"valuefield_1": "win",
"condition_2": "LOGINNAME",
"operator_2": "CONTAINS",
"valuefield_2": "PAM360"
}
}
}
Sample request
curl -X POST -k -H "AUTHTOKEN:<<token generated from PAM360>>" -H "Content-Type: text/json" \
'https://192.xxx.xxx.29:<port>/restapi/json/v1/resourcegroup' -d \
'INPUT_DATA={
"operation": {
"Details": {
"critgroup": "CG1",
"critdesc": "description about CG1",
"RuleCriteria": "Low",
"NoHelpDeskRetrieval": "false",
"andor": "and",
"NoOfCriteria": 2,
"condition_1": "RESOURCENAME",
"operator_1": "CONTAINS",
"valuefield_1": "win",
"condition_2": "LOGINNAME",
"operator_2": "CONTAINS",
"valuefield_2": "PAM360"
}
}
}'
Sample output
{ "operation": { "name":"CREATE RESOURCE GROUP", "result": { "status":"Success", "message":"Group CG1 has been added successfully."} } }
55. Get audit details
Description
Fetches audit details from PAM360.
URL
https://<PAM360 host name or IP address>:<port>/restapi/json/v1/audit?AUDITTYPE=<<Resource/User>>&STARTINDEX=&LIMIT=&DURATION=<<TODAY / YESTERDAY/ LAST_7_DAYS >>
Header
AUTHTOKEN=<<token generated from PAM360>>
HTTP method
GET
Input data
None
Sample request
https://localhost:<port>/restapi/json/v1/audit?AUDITTYPE=Resource&STARTINDEX=1&LIMIT=2&DURATION=YESTERDAY
Sample response
{
"operation": {
"name": "GET_AUDIT",
"result": {
"status": "Success",
"message": "Audits fetched successfully."
},
"totalRows": 2,
"Details": [
{
"AUDITID": "3002",
"RESOURCENAME": "Not Applicable",
"ACCOUNTNAME": "N/A",
"OPERATIONTYPE": "CI/CD Settings Updated",
"OPERATEDBY": "admin",
"IPADDRESS": "localhost",
"USERNAME": "N/A",
"LASTACCESSEDTIME": "2019-01-03 14:51:06.666",
"REASON": "Jenkins Authtoken Modified.",
"NAME": "N/A",
"CLIENT": "Web Client"
},
{
"AUDITID": "2113",
"RESOURCENAME": "test",
"ACCOUNTNAME": "test",
"OPERATIONTYPE": "Password Verification Failed",
"OPERATEDBY": "System",
"IPADDRESS": "localhost",
"USERNAME": "N/A",
"LASTACCESSEDTIME": "2019-01-03 01:45:00.107",
"REASON": "PAM360 could not verify the password integrity.",
"NAME": "N/A",
"CLIENT": "Web Client"
}
]
}
}
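One way to consume the audit response above for review, as an added example that is not PAM360 code: it builds the query from the parameters in the URL template and returns the rows whose OPERATIONTYPE matches a watchlist, oldest first. The WATCH list is a hypothetical choice, and SAMPLE holds the two rows of the sample response trimmed to the fields used.

```python
import json
from urllib.parse import urlencode

AUDIT_TYPES = {"Resource", "User"}                  # values from the URL template
DURATIONS = {"TODAY", "YESTERDAY", "LAST_7_DAYS"}   # values from the URL template
# Hypothetical watchlist: OPERATIONTYPE substrings a reviewer wants surfaced.
WATCH = ("Password Verification Failed", "Settings Updated")

def audit_url(base, audit_type, start_index, limit, duration):
    """Build the audit query, rejecting values the URL template does not list."""
    if audit_type not in AUDIT_TYPES or duration not in DURATIONS:
        raise ValueError("unsupported AUDITTYPE or DURATION")
    query = urlencode({"AUDITTYPE": audit_type, "STARTINDEX": start_index,
                       "LIMIT": limit, "DURATION": duration})
    return f"{base.rstrip('/')}/restapi/json/v1/audit?{query}"

def triage(body, watch=WATCH):
    """Return watched audit rows as compact records, oldest first."""
    op = json.loads(body)["operation"]
    if op["result"]["status"].lower() != "success":
        raise RuntimeError(op["result"].get("message", "audit fetch failed"))
    hits = []
    for row in op.get("Details", []):
        kind = row.get("OPERATIONTYPE", "")
        if any(w.lower() in kind.lower() for w in watch):
            hits.append({"id": row["AUDITID"], "when": row["LASTACCESSEDTIME"],
                         "type": kind, "by": row.get("OPERATEDBY"),
                         "resource": row.get("RESOURCENAME"),
                         "reason": row.get("REASON")})
    # "YYYY-MM-DD HH:MM:SS.mmm" timestamps sort correctly as strings.
    return sorted(hits, key=lambda h: h["when"])

# The two rows of the sample response above, trimmed to the fields used here.
SAMPLE = json.dumps({"operation": {
    "name": "GET_AUDIT",
    "result": {"status": "Success", "message": "Audits fetched successfully."},
    "totalRows": 2,
    "Details": [
        {"AUDITID": "3002", "RESOURCENAME": "Not Applicable",
         "OPERATIONTYPE": "CI/CD Settings Updated", "OPERATEDBY": "admin",
         "LASTACCESSEDTIME": "2019-01-03 14:51:06.666",
         "REASON": "Jenkins Authtoken Modified."},
        {"AUDITID": "2113", "RESOURCENAME": "test",
         "OPERATIONTYPE": "Password Verification Failed", "OPERATEDBY": "System",
         "LASTACCESSEDTIME": "2019-01-03 01:45:00.107",
         "REASON": "PAM360 could not verify the password integrity."}]}})

if __name__ == "__main__":
    print(audit_url("https://localhost:7272", "Resource", 1, 2, "YESTERDAY"))
    for hit in triage(SAMPLE):
        print(hit)
```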
56. Share a resource with a user
Description
Shares a resource with a user.
URL
https://<PAM360 host name or IP address>:<port>/restapi/json/v1/resources/<resourceid>/share
Header
AUTHTOKEN=<<token generated from PAM360>>
HTTP method
PUT
Input data
{"operation":{"Details":{"ACCESSTYPE": "modify","USERID":"1"}}}
Supported access types: view, modify, fullaccess, revoke
Sample request
https://<PAM360 host name or IP address>:<port>/restapi/json/v1/resources/1/share
Sample response
{"operation":{"name":"SHARE RESOURCE","result":{"status":"Success","message":"Read and Modify permission granted to user successfully."}}}
57. Share an account with a user
Description
Shares an account with a user.
URL
https://<PAM360 host name or IP address>:<port>/restapi/json/v1/resources/<resourceid>/accounts/<accountid>/share
Header
AUTHTOKEN=<<token generated from PAM360>>
HTTP method
PUT
Input data
{"operation":{"Details":{"ACCESSTYPE":"modify","USERID":"1"}}}
Supported access types: view, modify, revoke
Sample request
https://<PAM360 host name or IP address>:<port>/restapi/json/v1/accounts/11/share
Sample response
{"operation":{"name":"SHARE ACCOUNT","result":{"status":"Success","message":"View and Modify permission granted to user successfully."}}}