JUMP TOGet StartedGet Started with CyberArk Identity APIsAuthenticationAuthentication & AuthorizationLoginStarts a user authentication session.postAttempt to advance the state of an authentication session.postGet challenge state ID for Authentication profilepostStart a step-up challenge for sensitive appspostAnswer the registration challenge.postMultiFactor Auth support: answer out of band challenge.postSubmit DUO authenticationpostSubmit OATH OTP code for the specify userpostSubmit QR Code authenticationpostTerminate an incomplete session started with StartAuthentication or StartChallenge.postBegin the process of recovering a lost or forgotten user name.postStart a forgot username sessionpostAllows OAuth2 clients to perform on-demand step-up authentication challenges.postStart social authentication.postStarts a user authentication session for QR code authentication.postContinues user authentication.postLooks for the multi auth customer response.postLooks for the multi auth customer response.postConfirms user authentication state.postLoginpostLogoutLogout current user.postSign out for the current sessionpostSign out user everywherepostOAuth & OpenID ConnectAuthenticates a request.postConfirms the User Consent when invoked from UIpostEnd Session - destroy an OIDC sessionpostIntrospects the access token and refresh token.postProvides the public elements of the keypostRevokes the access tokenpostGets a token based on grant type.postReturns Claims about the authenticated End-UserpostGet metapostGets a CyberArk Identity Security Platform OIDC token based on grant type.postCreates a client token.postProgressive Password MigrationGet PPM Scipt and script editor helper infopostUpdate Progressive Password Migration ConfigurationpostMulti Factor EnrollmentPasswordsGenerates a password.postFetches a one-time passcode for the specified use.postChange the password for the current user after authenticationpostVerify password.postManage Security QuestionsAdd admin security questionpostDelete admin security question.postGet a specific admin security question.postGet list of all the admin security questions.postGet security questions for the current userpostResets (clears) security questions for a userpostUpdates security questions for a userpostManage U2F devicesDeletes the U2f device.postDelete a list of U2f devices.postGet the trusted facet list for the tenant.postGet registration challenge.postGets a list of U2f devices.postGets a list of U2f devices for the current user.postManage OATH profilesAdd a single OATH profile to a specific user.postForces the Idaptive oath profile to exist.postDelete a list of profiles.postGets data from a csv file.postGet import profile list.postGets the profile list for the user.postGets the oath profile list for a device.postResets the Idaptive OATH profile.postResynchronize a TOTP or HOTP token.postSave or update the default Idaptive profile.postSet response parameters to entity.postProcess a previously uploaded csv file.postUpdate the oath profile counter.postValidate the otp code.postManage Radius configurationGet all radius clients.postFetch Radius config for a specified connectorpostGet the list of RADIUS serverspostGet the user identifier attribute types.postRemove one or more radius clients if they exist.postRemove radius servers.postAdd or update a radius client.postChange radius config for a connector.postConfigures a Radius server.postAdditional APIs for MFAReturns QR Code datapostSet the phone pin for a userpostUser ManagementCreate UsersCreate a new user in the Cloud Directory ServicepostCreate new users in the Cloud Directory Service based on data read from files.postCreate a new user in the CyberArk Cloud Directory Service using minimal user informationpostCreate new users in the CyberArk Cloud Directory ServicepostSaves the user information.postStores the user settings.postBulk ImportBulk imports users from csv file.postReads a list of users for bulk import from a CSV filepostCreate a Bulk User Import scheduled task to process the uploaded filepostSend User InvitesInvite one or more users to the cloud portal.postSend email invitation to a specified user.postSend invitation emails to one or more users.postSend SMS invitation to a specified user.postManage User DataChange cloud user propertiespostUpdate a table's extended columnar schemapostChange cloud user properties and set the value of additional attributespostUpdate user attributes for a active directory userpostGet details for a specified cloud userpostGet details for a specified user by name.postGet the details of all existing cloud userspostGets all user settings of setting type.postGet the cached entity.postGet the cached user.postGet additional info for a specified userpostGet the user preferences.postGets user roles and administrative rights.postManage User StateChange the state of a cloud user from disabled to active or vice versapostSet user state for a specified cloud userpostChecks to see if a given user is cloud locked.postDetermine if the current user can (or cannot) satisfy the requisite MFA challengespostChecks to see if a given user is subject to cloud locks.postApplies or clears a cloud lock for a given user.postManage User AttributesGet details for the current userpostCheck to see if a user can edit attributes.postGets the value of an extended column.postGet the value of all extended attributes for a userpostGet a table's extended columnar schemapostSets the value of an extended column.postSet the value of extended attributes for a userpostSet a cloud user's picture file.postFetch a cloud user's picture.postDelete UsersRemove a user from the cloud.postRemove one or more users.postAdditional User Management APIsExempt a specified user from MFA login for a period of time.postFetch technical support user.postGrant portal access to technical support.postRefresh a user's cached identity.postRemoves AuthSource for list of userspostPerforms the action after confirming permission to do so.postVerifyIdentityOTP: Verify if the One Time Passcode matched with the stored valuepostGet Token for username Requires OATH2 Authorization headerpostRefresh current user's cached identity.postChecks to see if user has execute rights on the task.postChecks to see if user has execute rights on a list of tasks.postCheck if a user profile challenge is required for the current user.postUncache the user preferences.postUpdates various user preferences for the currently logged in user.postSaves an Security Image Name in DB.postOrganization ManagementOrganization ManagementCreate an organizationpostDelete an organization unitpostGet organization detailspostGet administrators for specific organizationpostGet administrative right definition for specific organizationpostGet roles of specific organizationpostGet All organizations unitspostChange membership on specific organizationpostCheck if current user can perform specific taskpostUpdate an organization unitpostUpdate organization administratorspostUpdate organization permission assignmentpostFetch the reporting hierarchy for a specified userpostRole ManagementRole ManagementCreate a RolepostUpdate members(Users or Roles or Groups) for an existing role.postAdd users or roles or groups to rolepostTo Assign administrative rights to roles.postTo Unassign administrative rights to role.postDelete a Role.postDelete a list of Roles.postGet a list of assigned administrative rights associated with a role.postList the roles and rights of a directory.postFetch a Proxy Notification Members.postGet the users for the specfied role id and return the paged results.postFetch a Role.postTo Get Role Members for a particular rolepostSet script of dynamic rolepostRun the script against a user to verify the expectations of the scriptpostTo Get Web Apps Information for a particular rolepostRemove users or roles or groups from the rolepostPolicy ManagementAuthentication ProfileDeletes an authentication profile.postGets an authentication profile.postGets a list of Authentication profiles.postGets an Authentication Assurance LevelpostSaves an authentication profile.postPolicy ManagementAdd an authentication policy modifier.postDelete an authentication policy modifier.postDelete a policy block.postGet the authentication policy modifiers.postGets a list of policy links.postGet policy block.postGets the oath otp name for the user.postGet the password complexity requirements for the user.postGet policy block.postRetrieves a boolean policy value.postRetrieves an integer policy value.postGet the policy meta data.postRetrieves a string policy value.postGet the rsop policy for the user and device.postGets the oath u2f name for the user.postGet using cloud mobile group policy.postGet a list of policies for a device.postSave a new or updated policy.postSaves a list of policy links.postSets the using cloud mobile group policy.postApplication ManagementApplication ManagementGet information for application templates.postChecks if Application is still available in the catalog.postCreate an application.postDelete an application.postGet information for an applicationpostGets the ID of an app from its service namepostGrant permissions on applications.postUpdates an application.postCreate a tag with no apps for the current user.postDelete a tagpostDownloads logs for the imported accounts file.postGet an application's data.postReturns list of credential providers.postReturns list of details for recently uploaded files.postReturn a user's portal applications and user accessible application's.postGet the list of application tags for the current user.postImport user credentials from csv.postRename a tagpostSet user credentials for an application.postupdate captured user application .postUpdate secured item credentials.postUpdate personal user application.postupdate user application for the current user.postUpload personal app icon.postUpload secured item icon.postAdd and update application tags for the current user.postAdd and update secured item tags for the current user.postGets all available data for the user portal in one call.postFederationFederationCreate federation.postDelete a federation.postGet a federation.postUpdate a federation.postRevokes federated group membership from a specific group for a specific user.postGet the federation metadata.postGets a list of federation types.postGets a list of federated groups.postRetreives a list of users that are members of a specific federated group.postRetrieves the Federated Group Memberships for a specfic user.postGet federation group assertion mappings.postUpdate federation group assertion mappings.postGet global federation settings.postUpdate the global group assertion mappings.postGet global group assertion mappings.postAdd global group assertion mapping.postDelete global group assertion mapping.postGets the public part of the Service Provider signing certificate.postGets the public part of the Service Provider signing certificate authority.postRemoves AuthSource from all users for a given FederationpostDirectory Service ManagementDirectory Service ManagementCreate a directory.postDeletes a directory.postCheck for the existence of a directory.postGet all of the directory service settingspostSets all given directory service setting valuespostUpdates the directory services stack for a tenant.postAssigns directoryfile rights to roles.postAssigns directory rights to roles.postList the directory contents of a directory.postGets the directory services.postGet a list of directory contents.postList the roles and rights to a directoryfile.postGets directory information for the path.postGet a list of directory contents with a file extension of 'report'.postList the file contents of a directory.postQuery all directory services for users, groups, and/or roles using a json query string.postGet a list of domains in the forest.postGets the active directory topology for the directory service Uuid or the domain name.postGets a list of domain controllers for the directory service Uuid in domain name.postGet domains and organizational units.postGoogle Directory Service ManagementCall back for the google directory service.postGets the IDP authorization state for the pollingToken.postGets the directory service configuration.postGets the state id and the service login url.postUpdates the directory service configuration.postUpdates the directory service configuration.postLDAP Directory Service ManagementAdds a service to the Lightweight Directory Access Protocol (LDAP) config.postRemove a service from the Lightweight Directory Access Protocol (LDAP).postGets the directory service version for an LDAP directory service specified by UUID.postGet the Lightweight Directory Access Protocol (LDAP) config.postGet the Directory Service UUID for a specific LDAP, using the name assigned by the user.postGets the list of mappable LDAP attributes.postGets a property to attribute mapping on an LDAP enabled directory service.postGets the scripting property to attribute mapping from an LDAP enabled directory service.postModify a service in the Lightweight Directory Access Protocol (LDAP) config.postSets a property to attribute mapping on an LDAP enabled directory service.postSets the scripting property to attribute mapping on an LDAP enabled directory service.postGets the results of the specified mappings by looking up a user by name.postVerify the Lightweight Directory Access Protocol (LDAP) directory service config.postDevice ManagementManage Mobile DevicesEnroll an Android Mobile DevicepostEnroll an iOS Mobile DevicepostDelete a device (Mobile + OSX)postDisable SSO on device (Mobile + OSX)postEnable SSO on device (Mobile + OSX)postDeletes the APNS Developer certificate details used to send push notifications to the MobilepostGets list of global permissions associated with devicepostReset Samsung KNOX container password (Samsung Mobile)postLock client app (Mobile)postLock device screen (Mobile + OSX)postPing a device (Mobile + OSX)postPower off a device (Mobile + OSX)postReapply device policies (Mobile + OSX)postReboot a device (Mobile + OSX)postUnenroll a device (Mobile + OSX)postReset client app lock pin (Mobile)postSets the APNS Developer certificate to be able to send push notifications to the MobilepostGrant permissions on devicespostSet a device as primary (Mobile)postUnlock a device (Mobile + OSX)postUpdate device policies (Mobile + OSX)postWipe a device (Mobile + OSX)postManage Windows DevicesAdd an enrollment codepostDelete an enrollment codepostDisables zero or more features for an enrolled machine.postEnables zero or more features for an enrolled machine.postEnrolls a machine to the CIP using user credentials.postGet all enrollment codespostReturns a machine certificate.postEnrolls a machine to the CIP using an enrollment code.postUnenroll an enrolled Agent.postPasswordsVerify password.postWindows DPATo create a local user on target windows machinepostTo delete a local user on target windows machinepostTo get the DpaAdmin user detailspost/{tenant_url}/WinDpa/SetDpaAdminpostTo get the DpaAdmin user detailspostManage Device SetsCreate a dynamic set.postCreate a manual set.postDelete a set.postGets the contents of a bucket.postGets a set based on the ID.postGet list of permissions associated with a set.postGets the references to a set.postGets the rights on a set.postGets a set template based on ObjectType and SubObjectType.postGets the members with access to the set.postGets the objects set.postGets a set of ObjectType.postGets the members with access to the set.postGrant permissions on a setpostUpdate a set.postUpdates the set members.postCustomizationCustomizationGet editable message template.postGet editable message templates.postSend a test message template.postReport ManagementReportsCreates a Reports directory in Path for the tenant.postCreates a Reports directory in the tenant for the current user.postList the Report roles and rights.postCertificate ManagementManage Tenant CertificatesUploads a certificate.postDelete a set of certificates.postDownloads a certificate.postGets the certificate authority certificate chain.postGets the public part of the cloud certificate authority certificate.postGets the public part of the tenant CA certificate.postRename certificate with thumbprint to newName.postSets the default certificate for the current tenant.postManage External CAAdd a certificate authority.postDownloads the certificate authority public key file.postGet certificate authorities for the tenant.postRemove a certificate authority.postUpdate a certificate authority.postManage ZSO certificatesGets the Zso certificatepostGets the Zso host information.postIssues a Zso user certificatepostAuthenticate the ZSO session.postLogin using a tenant Certificate authority certificate.postClears the Mac Safari Zso cookie.postIs the Mac Safari Zso cookie set.postChecks to see if sessionId is authenticated.postSets the Mac Safari Zso cookie.postManage user ZSO certificatesGet certificate info for a given user.postRemove one or more certificates for a given user.postConnector ManagementConnector ManagementRequests a heath check from a specific cloud connector or from all cloud connectors.postGets the connector log4net config for the connector.postGets the current Iwa Json Url.postGets the current Iwa Url.postGets the public part of the default global app signing certificate.postGet the Iwa trust root certificate.postGet the connector Iwa host certificate file.postGets the Iwa settings for the connector Uuid.postCalls the NotifyEnvironment method on the connector.postRedirect to the targetUrl.postRe issue the certificate for the connector.postSets the connector Log4Net config for a connector.postSet the certificate for the Iwa connector.postStarts the named service on the connector.postStops the named service on the connector.postUpdates the Iwa connector settings.postGet a list of cloud connectors that have the LDAP module enabled.postTenant ManagementManage SuffixesStore a suffix.postRemoves a suffix.postRemoves multiple suffixes.postGet the tenant suffixes.postGet the tenant suffixes excluding 'legacy' versions.postManage Tenant CnamesList the cnames assigned for the tenant.postGets the domain of tenant urlspostCreates a cname with prefix specified for the tenant.postSets the tenant cname to preferred as cnamepostGets the tenant cnames.postDeletes the cname for the tenantpostManage Tenant ConfigurationDescribe the system.postDeletes the tenant configuration key.postGets the tenant's config value for a key.postSets the value of a tenant configuration key.postDeletes a single key record from the config table.postReturns tenant's configuration values.postGet tenant configuration.postGets the google key for the tenant.postGets the tenant mobile configuration data.postGet the tenant Simple Mail Transport Protocol configuration.postGet the tenant Telephony Credits Notification configuration.postGet the tenant Twilio configuration.postReset portal configuration.postSet the tenant configuration.postSet a tenant configuration.postSets the google key for the tenant.postSets the tenant mobile configuration.postSet password persistance. i.e. do we save your password.postSet the tenant Simple Mail Transport Protocol configuration.postSet the tenant Telephony Credits Notification configuration.postSet the tenant Twilio configuration.postTest the tenant Simple Mail Transport Protocol configuration.postTest the tenant Twilio configuration.postNetwork ConfigurationNetworkDeletes a Blocked IP Range.postDeletes an IP Range local to the customer network.postDeletes a list of proxies.postRemove a connector referred to by proxyUuid.postDisableBlockedIpRange: Disable blocked IP RangepostDisablePremDetectRange: Disable OnPrem Detect RangepostEnableBlockedIpRange: Enable block IP RangepostEnablePremDetectRange: Enable OnPrem Detect RangepostGenerates a new registration code.postGets the blocked IP Ranges.postGets the IP Ranges local to the customer network.postSet the connector Iwa Settings for proxyUuid.postUpdates a Blocked IP Range.postUpdates an IP Range local to the customer network.postDirectory Service ManagementDirectory Service ManagementCreate a directory.postDeletes a directory.postCheck for the existence of a directory.postGet all of the directory service settingspostSets all given directory service setting valuespostUpdates the directory services stack for a tenant.postAssigns directoryfile rights to roles.postAssigns directory rights to roles.postList the directory contents of a directory.postGets the directory services.postGet a list of directory contents.postList the roles and rights to a directoryfile.postGets directory information for the path.postGet a list of directory contents with a file extension of 'report'.postList the file contents of a directory.postQuery all directory services for users, groups, and/or roles using a json query string.postGet a list of domains in the forest.postGets the active directory topology for the directory service Uuid or the domain name.postGets a list of domain controllers for the directory service Uuid in domain name.postGet domains and organizational units.postGoogle Directory Service ManagementCall back for the google directory service.postGets the IDP authorization state for the pollingToken.postGets the directory service configuration.postGets the state id and the service login url.postUpdates the directory service configuration.postUpdates the directory service configuration.postLDAP Directory Service ManagementAdds a service to the Lightweight Directory Access Protocol (LDAP) config.postRemove a service from the Lightweight Directory Access Protocol (LDAP).postGets the directory service version for an LDAP directory service specified by UUID.postGet the Lightweight Directory Access Protocol (LDAP) config.postGet the Directory Service UUID for a specific LDAP, using the name assigned by the user.postGets the list of mappable LDAP attributes.postGets a property to attribute mapping on an LDAP enabled directory service.postGets the scripting property to attribute mapping from an LDAP enabled directory service.postModify a service in the Lightweight Directory Access Protocol (LDAP) config.postSets a property to attribute mapping on an LDAP enabled directory service.postSets the scripting property to attribute mapping on an LDAP enabled directory service.postGets the results of the specified mappings by looking up a user by name.postVerify the Lightweight Directory Access Protocol (LDAP) directory service config.postSocial LoginSocial LoginFor social authentication, this is the Facebook call back.postFor social authentication, this is the Google call back.postFor social authentication, this is the LinkedIn call back.postFor social authentication, this is the Microsoft call back.postFor social authentication, this is the Twitter call back.postGets the social configurations for all identity providers.postGet the application client secret.postGets the social user authentication configuration.postGets the social configuration for the requested identity provider.postResets the social user authentication configuration.postSets the social user authentication configuration.postSet custom configuration.postFile ManagementFile ManagementAssigns file rights to roles.postRead the contents of a file.postWrite string content to a file.postDeletes a file.postDeletes a set of files.postDownload the contents of a file.postCheck for the existence of a file.postGet metadata and information about a file, as well as the file contents.postList the roles and rights of a file.postReturns a file name that is unique in the directory.postReturn given text as a file.postMove directory 'path' to 'toPath'.postRetrieves the file from the virtual file system.postGet the file.postGet lower case file name.postWidget ManagementWidget ManagementGet Authentication Widget as PagepostWorkflow ManagementWorkflow ManagementDeletes a workflow jobpostSends a workflow event to a workflowpostGets a workflow jobpostGets list of workflow jobspostGets list of workflow jobs associated with the current userpostStarts a workflow jobpostDelete job history.postMake a job report.postRequest the cancellation of a job.postCreate a one time job.postReturns streaming job history data via a redrock style interface.postGets the history of a single job.postRetrieve simple job metrics from the persistent job system.postAccess Control ListsACLCheck row ACLs.postGets a users access rights.postGet a collection of access rights.postGets the collection access rights based on the input parameters.postRetrieves a list of who has what rights for the directory.postGets a list of directory rights.postGets a list of file rights.postGets a list of row rights.postGets ACLs on a file.postGets the access rights for a row.postDeprecatedDeprecatedDeprecated -- Forces the Idaptive oath profile to exist.postDeprecated -- Resets the Idaptive OATH profile.postDeprecated -- EnableFeaturespostDeprecated -- EnrollpostRegisterpostDeprecated -- Assign super rightspostDeprecated -- Fetch a Role's principals.postDeprecated -- Create a Principal List role.postDeprecated -- Unassign super rightspostDeprecated -- Delete a list of users with permission check.postDelete user after permission check (DEPRECATED)postDelete a cloud user. (DEPRECATED)postDeprecated -- Adds a Blocked IP Range.postDeprecated -- Adds an IP Range local to the customer network.postDeprecated -- Deletes a Blocked IP Range.postDeprecated -- Deletes an IP Range local to the customer network.postIssues a user certificate. (Deprecated, please use OAuth2 instead.)postGets a list of policy links.postDeprecated; use SavePolicyBlock3.postSaves a list of policy links.postFetch a Role.postDeprecated -- Update a Role.postDeprecated -- Am I authenticated.postDeprecated -- Checks for user execute rights on the Application Role Management task.postDeprecated -- User login.postDeprecated -- Multi factor authentication login for user.postDeprecated -- EnableFeaturespostDeprecated -- EnrollpostRegisterpostDeprecated -- Get editable mail templates.postDEPRECATED -- This API is deprecated and should not be used.postAnalytics/{tenant_url}/rules//rulesget/{tenant_url}/rules/webhook/rules/webhookpost/{tenant_url}/dataset/system/models/dataset/system/modelsget/{tenant_url}/file/import/rules/webhook/file/import/rules/webhookpost/{tenant_url}/apis/access_tokens/apis/access_tokenspost/apis/access_tokensget/{tenant_url}/rules/{id}/rules/{id}delete/{tenant_url}/apis/access_tokens/{id}/apis/access_tokens/{id}delete/{tenant_url}/apis/scopes/apis/scopesget/{tenant_url}/apis/access_token/{id}/inactiate/apis/access_tokens/{id}/inactivateput/{tenant_url}/file/export/rules/webhook/{name}/file/export/rules/webhook/{name}post/{tenant_url}/rules/webhook/test/rules/webhook/testpost/{tenant_url}/apis/access_token/{id}/actiate/apis/access_tokens/{id}/activateput/{tenant_url}/rules/{id}/status/rules/{id}/statuspostSignupSignupCreate a new external user in the Cloud Directory Service via the SignUp mechanism.postConsentManagementTo get Consent Management ConfigurationpostGet Consent Management Script and script editor helper infopostTo Find if Consent Management is enabledpostUpdate Consent Management ConfigurationpostIdentity VerificationSend SendIdentityVerificationOTP to a specified user.postTo get identity Proofing Info of a userpostTo get Identity Provider ConfigurationpostGet IDV Scipt and script editor helper infopostTo get Workflow Approvers defined for sign-up approval workflow.postTo Find if IdentityProofing is enabledpostUpdate Identity Verification ConfigurationpostUpdate the User Sign Up StatuspostEmail VerificationGet verification statuspostSend an verification emailpostMandatory link Verification support: Verifies magic link sent in emailpostGet the user preferences.post https://{tenant_url}/UserMgmt/GetUserPreferences
