Postman collection for application management
This guide helps you to test the CyberArk Identity application management related APIs using postman collection. Postman is an HTTP testing API application that allows you to monitor requests and responses.
Prerequisites
- Install postman from https://www.postman.com/downloads/
- Get access to CyberArk Identity tenant
- Create a user that has application management administrative rights.
Import postman collection
Get started with postman collection
Once the postman collection is imported, the following variables have to be pre-filled to run the collection based on the functionality you want to try out.
Authentication is required to access the APIs related to application management. The authenticated user should contain application management administrative rights to access the APIs.
| Variable name | Description |
|---|---|
| tenant_url | The URL of the CyberArk Identity tenant (https://example.idaptive.app). The URL will be used for all API requests to CyberArk Identity. |
| username | The username of the CyberArk Identity directory user. |
| password | The password of the CyberArk Identity directory user. |
| app_key | The application key of the app. The app key can be retrieved from the settings tab of the app once the app is created. |
| admin_tag | Tags for the applications. |
| description | Description of the application. |
| icon | Icon URL for the application. |
| icon_uri | Icon URL for the application. |
| name | Name for the application. |
| organization_id | Organization ID to which the application should be added. |
| service_name | Application ID for the application. |
| show_in_user_portal | A boolean that specifies whether the application should be displayed in the user portal or not. |
| app_names | The names of the applications that are to be imported from the templates. |
| rights | The rights granted to the user for applications. i.e., Grant, View, Manage, Run etc., |
| directory_service_uuid | The UUID of the directory service to which the user belongs. |
| tag_names | The tags that need to be added to the applications. |
The following variables should be pre-filled to create or update OpenID Connect applications:
| Variable name | Description |
|---|---|
| oidc_allow_login_by | The value tells whether the RP or CyberArk Identity initiates the login. |
| oidc_allow_refresh | Boolean value to enable/disable refresh tokens. |
| oidc_allow_scope_select | Boolean value to enable/disable scope selection on consent pop-up. |
| oidc_client_secret | A unique code that an authorization service issues when the service registers the application. You can think of it as the password for the client application. |
| oidc_confirm_consent | Boolean flag to enable/disable OIDC consent. |
| oidc_scope_name | Name of the scope to be added. |
| oidc_scope_type | The type of scope. i.e., API/Custom Claims |
| oidc_allowed_rest_APIs | List of regexes of the allowed rest APIs. |
| oidc_post_logout_URIs | List of authorized post-logout URIs. |
| oidc_redirects | List of authorized redirect URIs. |
| oidc_refresh_token_lifetime | The refresh token lifetime. |
| oidc_token_lifetime | The lifetime of access and ID tokens. |
| oidc_script | The script to add custom claims. |
| oidc_relying_party_url | URL of the relying party application. |
The following variables should be pre-filled to create or update SAML applications:
| Variable name | Description |
|---|---|
| saml_spconfig_method | An integer value that takes the SP configuration method. It can either be: 1 - Metadata 2 - Manual Configuration |
| saml_spmetadata_url | The SP metadata URL. |
| saml_spmetadata_xml | The SP metadata XML. |
| saml_audience | SP Entity ID, also known as SP Issuer or Audience. |
| saml_acs_url | ACS URL |
| saml_recipient_SameAsAcsUrl | Boolean value that specifies if the recipient value is the same as ACS URL. |
| saml_sign_method | The SAML sign method. It can either be "response," "Assertion," or both. |
| saml_name_id_format | This is the Format attribute value in the element in SAML Response. Select the NameID Format that your Service Provider specifies to use. If SP does not specify one, select 'unspecified.' |
| saml_sp_slo_url | SP single logout URL |
| saml_encrypt_assertion | A boolean value that specifies if the SAML assertion should be encrypted or not. |
| saml_encryption_thumbprint | Encryption certificate thumbprint. |
| saml_relay_state | The relay state specified by the SP. |
| saml_authn_context_class | Select the Authentication Context Class that your Service Provider specifies to use if SP does not specify one, select "unspecified." |
| saml_attributes | The SAML attributes that have to be sent in the SAML assertion. |
| saml_script | The script is required for more complex logic for attribute mappings for your SAML response |
The following are some additional variables that should be pre-filled to create or update OAuth 2.0 applications along with OIDC applications:
| Variable name | Description |
|---|---|
| oauth_allow_public | A boolean flag that specifies whether public clients should be allowed or not. This is required for authorization code with PKCE flow. |
| oauth_allowed_auth | The list of allowed grant types. |
| oauth_client_id_type | The type of the client ID. It can be "Anything," "List," or "Confidential Client." |
| oauth_client | A boolean flag that specifies if it is an OAuth client or not. |
| oauth_token_type | The type of the OAuth token. There are two types of tokens: JwtRS256, and Opaque. |
Updated 5 months ago