JUMP TOGet StartedGet Started with CyberArk Identity APIsAuthenticationAuthentication & AuthorizationLoginStart authenticationpostAdvance authenticationpostGet challenge state ID for Authentication profilepostStart step-up challengepostAnswer the registration challenge.postAnswer out-of-band challengepostSubmit DUO authenticationpostSubmit DUO authenticationpostSubmit OATH OTP codepostSubmit QR CodepostTerminate an incomplete session started with StartAuthentication or StartChallenge.postForgot usernamepostStart forgot username sessionpostAdvance a forgot username session (similar to MFA advance authentication)postAllows OAuth2 clients to perform on-demand step-up authentication challenges.postStart social authenticationpostStart QR code authenticationpostContinues user authentication.postLooks for the multi auth customer response.postLooks for the multi auth customer response.postConfirms user authentication state.postLogoutLogoutpostSign out from current sessionpostSign out from everywherepostOAuth & OpenID ConnectGet metadata of OpenID providerpostGet JWT keyspostAuthorizepostConfirm user consentpostToken requestpostUserInfopostIntrospect tokenspostRevoke tokenspostEnd user sessionpostProgressive Password MigrationGet PPM Scipt and script editor helper infopostUpdate Progressive Password Migration ConfigurationpostAdditional APIsLoginpostGets a CyberArk Identity Security Platform OIDC token based on grant type.postCreates a client token.postMulti Factor EnrollmentPasswordsGenerate Password.postFetches a one-time passcode for the specified use.postChange user passwordpostVerify password.postReset the password for a specified userpostManage Security QuestionsSet admin security questionpostDelete admin security question.postGet admin security question.postGet admin security questions.postGet security questionspostReset security questionspostUpdate security questionspostManage U2F devicesDeletes U2f device.postDelete U2f devices.postGet the trusted facet list for the tenant.postGet registration challenge.postGet U2f devices.postGet U2f devices for user.postManage OATH profilesAdd a single OATH profile to a specific user.postForces the Idaptive oath profile to exist.postDelete a list of profiles.postGets data from a csv file.postGet import profile list.postGets the profile list for the user.postGets the oath profile list for a device.postResets the Idaptive OATH profile.postResynchronize a TOTP or HOTP token.postSave or update the default Idaptive profile.postSet response parameters to entity.postProcess a previously uploaded csv file.postUpdate the oath profile counter.postValidate OATH OTP code.postManage Radius configurationGet all radius clients.postFetch Radius config for a specified connectorpostGet the list of RADIUS serverspostGet the user identifier attribute types.postRemove one or more radius clients if they exist.postRemove radius servers.postAdd or update a radius client.postChange radius config for a connector.postConfigures a Radius server.postAdditional APIs for MFAGet QR code statuspostSet phone pinpostUser ManagementCreate UsersCreate userpostCreate new users in the Cloud Directory Service based on data read from files.postCreate a new user in the CyberArk Cloud Directory Service using minimal user informationpostCreate new users in the CyberArk Cloud Directory ServicepostSaves the user information.postStores the User Setting.postBulk ImportBulk imports users Default csv file.postStart Bulk User ImportpostAdvance Bulk User ImportpostSend User InvitesInvite Cloud UserspostSend Invitation.postSend Invitation EmailpostSend Invitation SMSpostManage User DataUpdate Base ProfilepostAdd additional attributespostUpdate user profilepostUpdate AD user attributespostGet user detailspostGet user details by namepostGet users detailspostGet user settingspostGet the cached entity.postGet the cached user.postGet user informationpostGet the user preferences.postGet user roles and administrative rightspostManage User StateChange user statepostSet user statepostCheck if user is lockedpostCheck if user is locked out by policypostChecks to see if a given user is subject to cloud locks.postDisable/enable a userpostManage User AttributesGet user attributespostFetch attributes for a specified user.postCheck to see if a user can edit attributes.postGet additional attributepostGet additional attributespostGet SchemapostSet additional attributepostSet additional attributespostSet users picturepostGet users picturepostTo get the configuration of the user attributes.postTo save the configuration of the user attributespostDelete UsersDelete userpostDelete userspostAdditional User Management APIsExempt a user from MFApostFetch technical support user.postGrant portal access to technical support.postRefresh a user's cached identity.postRemoves AuthSource for list of userspostPerforms the action after confirming permission to do so.postVerifyIdentityOTP: Verify if the One Time Passcode matched with the stored valuepostGet Token for username Requires OATH2 Authorization headerpostRefresh current user's cached identity.postChecks to see if user has execute rights on the task.postChecks to see if user has execute rights on a list of tasks.postCheck if a user profile challenge is required for the current user.postUncache the user preferences.postUpdates various user preferences for the currently logged in user.postSet user security imagepostOrganization ManagementOrganization ManagementCreate organizationpostDelete organizationpostGet organization detailspostGet administratorspostGet administrative rightspostGet organization rolespostGet all organizationspostUpdate organization membershippostCheck if current user can perform specific taskpostUpdate organizationpostUpdate administrators for organizationpostUpdate administrative rightspostGet user hierarchypostRole ManagementRole ManagementCreate RolepostUpdate rolepostAdd users or roles or groups to rolepostAssign administrative rights to rolepostUnassign administrative rights for rolepostDelete Role.postDelete Roles.postGet assigned administrative rights associated of rolepostList the roles and rights of a directory.postFetch a Proxy Notification Members.postGet the users for the specfied role id and return the paged results.postGet rolepostGet role memberspostSet script of dynamic rolepostTest dynamic role scriptpostGet apps associated with rolepostRemove users or roles or groups from the rolepostPolicy ManagementAuthentication ProfileDelete authentication profile.postGet authentication profile.postGets a list of Authentication profiles.postGets an Authentication Assurance LevelpostSave authentication profile.postPolicy ManagementAdd an authentication policy modifier.postDelete an authentication policy modifier.postDelete policy.postGet the authentication policy modifiers.postGets policy links.postGet policy block.postGets the oath otp name for the user.postGet password complexity requirementspostGet policy blockpostRetrieves a boolean policy value.postRetrieves an integer policy value.postGet the policy meta data.postRetrieves a string policy value.postGet the rsop policy for the user and device.postGets the oath u2f name for the user.postGet using cloud mobile group policy.postGet a list of policies for a device.postSave policypostSaves a list of policy links.postSets the using cloud mobile group policy.postApplication ManagementApplication ManagementGet application templates and categoriespostChecks if Application is still available in the catalog.postImport apps from predefined templatespostDelete application.postGet application detailspostClone an existing application.postGets the ID of an app from its service namepostSet application permissionspostUpdate application.postCreate a tag with no apps for the current user.postDelete a tagpostDownloads logs for the imported accounts file.postGet an application's data.postReturns list of credential providers.postReturns list of details for recently uploaded files.postGet applications for userpostGet tags for applicationpostRename a tagpostSet user credentials for an application.postupdate captured user application .postUpdate secured item credentials.postUpdate personal user application.postupdate user application for the current user.postUpload personal app icon.postUpload secured item icon.postAdd and update application tags for the current user.postAdd and update secured item tags for the current user.postGets all available data for the user portal in one call.postVerify if username provided for personal app or secured item is allowed.postFederationFederationCreate federation.postDelete a federation.postGet a federation.postGets a list of federations.postUpdate a federation.postRevokes federated group membership from a specific group for a specific user.postGet the federation metadata.postGets a list of federation types.postGets a list of federated groups.postRetreives a list of users that are members of a specific federated group.postRetrieves the Federated Group Memberships for a specfic user.postGet federation group assertion mappings.postUpdate federation group assertion mappings.postGet global federation settings.postUpdate the global group assertion mappings.postGet global group assertion mappings.postAdd global group assertion mapping.postDelete global group assertion mapping.postGets the public part of the Service Provider signing certificate.postGets the public part of the Service Provider signing certificate authority.postRemoves AuthSource from all users for a given FederationpostDirectory Service ManagementDirectory Service ManagementCreate a directory.postDeletes a directory.postCheck for the existence of a directory.postGet all of the directory service settingspostSets all given directory service setting valuespostUpdates the directory services stack for a tenant.postAssigns directoryfile rights to roles.postAssigns directory rights to roles.postList the directory contents of a directory.postGets the directory services.postGet a list of directory contents.postList the roles and rights to a directoryfile.postGets directory information for the path.postGet a list of directory contents with a file extension of 'report'.postList the file contents of a directory.postQuery all directory services for users, groups, and/or roles using a json query string.postGet a list of domains in the forest.postGets the active directory topology for the directory service Uuid or the domain name.postGets a list of domain controllers for the directory service Uuid in domain name.postGet domains and organizational units.postGoogle Directory Service ManagementCall back for the google directory service.postGets the IDP authorization state for the pollingToken.postGets the directory service configuration.postGets the state id and the service login url.postUpdates the directory service configuration.postUpdates the directory service configuration.postLDAP Directory Service ManagementAdds a service to the Lightweight Directory Access Protocol (LDAP) config.postRemove a service from the Lightweight Directory Access Protocol (LDAP).postGets the directory service version for an LDAP directory service specified by UUID.postGet the Lightweight Directory Access Protocol (LDAP) config.postGet the Directory Service UUID for a specific LDAP, using the name assigned by the user.postGets the list of mappable LDAP attributes.postGets a property to attribute mapping on an LDAP enabled directory service.postGets the scripting property to attribute mapping from an LDAP enabled directory service.postModify a service in the Lightweight Directory Access Protocol (LDAP) config.postSets a property to attribute mapping on an LDAP enabled directory service.postSets the scripting property to attribute mapping on an LDAP enabled directory service.postGets the results of the specified mappings by looking up a user by name.postVerify the Lightweight Directory Access Protocol (LDAP) directory service config.postDevice ManagementManage Mobile DevicesEnroll Android devicepostEnroll iOS DevicepostDelete a device (Mobile + OSX)postDisable SSO on device (Mobile + OSX)postEnable SSO on device (Mobile + OSX)postDeletes the APNS Developer certificate details used to send push notifications to the MobilepostGets list of global permissions associated with devicepostReset Samsung KNOX container password (Samsung Mobile)postLock client app (Mobile)postLock device screen (Mobile + OSX)postPing a device (Mobile + OSX)postPower off a device (Mobile + OSX)postReapply device policies (Mobile + OSX)postReboot a device (Mobile + OSX)postUnenroll a device (Mobile + OSX)postReset client app lock pin (Mobile)postSets the APNS Developer certificate to be able to send push notifications to the MobilepostGrant permissions on devicespostSet a device as primary (Mobile)postUnlock a device (Mobile + OSX)postUpdate device policies (Mobile + OSX)postWipe a device (Mobile + OSX)postManage Windows DevicesAdd an enrollment codepostDelete an enrollment codepostDisables zero or more features for an enrolled machine.postEnables zero or more features for an enrolled machine.postEnrolls a machine to the CIP using user credentials.postGet all enrollment codespostReturns a machine certificate.postEnrolls a machine to the CIP using an enrollment code.postUnenroll an enrolled Agent.postWindows DPATo create a local user on target windows machinepostTo delete a local user on target windows machinepostTo get the DpaAdmin user detailspost/WinDpa/SetDpaAdminpostTo get the DpaAdmin user detailspostManage Device SetsCreate a dynamic set.postCreate a manual set.postDelete a set.postGets the contents of a bucket.postGets a set based on the ID.postGet list of permissions associated with a set.postGets the references to a set.postGets the rights on a set.postGets a set template based on ObjectType and SubObjectType.postGets the members with access to the set.postGets the objects set.postGets a set of ObjectType.postGets the members with access to the set.postGrant permissions on a setpostUpdate a set.postUpdates the set members.postReport ManagementReportsCreates a Reports directory in Path for the tenant.postCreates a Reports directory in the tenant for the current user.postList the Report roles and rights.postCertificate ManagementManage Tenant CertificatesUploads a certificate.postDelete a set of certificates.postDownloads a certificate.postGets the certificate authority certificate chain.postGets the public part of the cloud certificate authority certificate.postGets the public part of the tenant CA certificate.postRename certificate with thumbprint to newName.postSets the default certificate for the current tenant.postManage External CAAdd a certificate authority.postDownloads the certificate authority public key file.postGet certificate authorities for the tenant.postRemove a certificate authority.postUpdate a certificate authority.postManage ZSO certificatesGets the Zso certificatepostGets the Zso host information.postIssues a Zso user certificatepostAuthenticate the ZSO session.postLogin using a tenant Certificate authority certificate.postClears the Mac Safari Zso cookie.postIs the Mac Safari Zso cookie set.postChecks to see if sessionId is authenticated.postSets the Mac Safari Zso cookie.postManage user ZSO certificatesGet certificate info for a given user.postRemove one or more certificates for a given user.postConnector ManagementConnector ManagementRequests a heath check from a specific cloud connector or from all cloud connectors.postGets the connector log4net config for the connector.postGets the current Iwa Json Url.postGets the current Iwa Url.postGets the public part of the default global app signing certificate.postGet the Iwa trust root certificate.postGet the connector Iwa host certificate file.postGets the Iwa settings for the connector Uuid.postCalls the NotifyEnvironment method on the connector.postRedirect to the targetUrl.postRe issue the certificate for the connector.postSets the connector Log4Net config for a connector.postSet the certificate for the Iwa connector.postStarts the named service on the connector.postStops the named service on the connector.postUpdates the Iwa connector settings.postGet a list of cloud connectors that have the LDAP module enabled.postTenant ManagementManage SuffixesCreate tenant suffixpostDelete suffixpostDelete suffixespostGet tenant suffixespostGet CDS tenant suffixespostManage Tenant CnamesGet tenant URLspostGets the domain of tenant urlspostRegister tenant URLpostSets the tenant cname to preferred as cnamepostGets the tenant cnames.postDelete a tenant URLpostManage Tenant ConfigurationGet tenant informationpostDelete tenant configurationpostGet tenant configurationpostSet tenant configurationpostDeletes a single key record from the config table.postReturns tenant's configuration values.postGet tenant custom configurationpostGets the google key for the tenant.postGets the tenant mobile configuration data.postGet the tenant Simple Mail Transport Protocol configuration.postGet the tenant Telephony Credits Notification configuration.postGet the tenant Twilio configuration.postReset portal configuration.postSet the tenant configuration.postSet tenant custom configuration.postSets the google key for the tenant.postSets the tenant mobile configuration.postSet password persistance. i.e. do we save your password.postSet the tenant Simple Mail Transport Protocol configuration.postSet the tenant Telephony Credits Notification configuration.postSet the tenant Twilio configuration.postTest the tenant Simple Mail Transport Protocol configuration.postTest the tenant Twilio configuration.postGets the tenant's config value for a key.postTenant ManagementGet SmsGateway configuration.postSet SmsGateway configuration.postTest Sms Gateway configuration.postNetwork ConfigurationNetworkDeletes a Blocked IP Range.postDeletes an IP Range local to the customer network.postDeletes a list of proxies.postRemove a connector referred to by proxyUuid.postDisableBlockedIpRange: Disable blocked IP RangepostDisablePremDetectRange: Disable OnPrem Detect RangepostEnableBlockedIpRange: Enable block IP RangepostEnablePremDetectRange: Enable OnPrem Detect RangepostGenerates a new registration code.postGets the blocked IP Ranges.postGets the IP Ranges local to the customer network.postSet the connector Iwa Settings for proxyUuid.postUpdates a Blocked IP Range.postUpdates an IP Range local to the customer network.postFile ManagementFile ManagementAssigns file rights to roles.postRead the contents of a file.postWrite string content to a file.postDeletes a file.postDeletes a set of files.postDownload the contents of a file.postCheck for the existence of a file.postGet metadata and information about a file, as well as the file contents.postList the roles and rights of a file.postReturns a file name that is unique in the directory.postReturn given text as a file.postMove directory 'path' to 'toPath'.postRetrieves the file from the virtual file system.postGet the file.postGet lower case file name.postWidget ManagementWidget ManagementGet Authentication Widget as PagepostWorkflow ManagementWorkflow ManagementDelete jobpostSend workflow eventpostGet workflow jobpostGet workflow jobspostGet user jobspostStart jobpostDelete job history.postGet job report.postCancel jobpostCreate a one time job.postReturns streaming job history data via a redrock style interface.postGets the history of a single job.postGet job reportpostAccess Control ListsACLCheck row ACLs.postGets a users access rights.postGet a collection of access rights.postGets the collection access rights based on the input parameters.postRetrieves a list of who has what rights for the directory.postGets a list of directory rights.postGets a list of file rights.postGets a list of row rights.postGets ACLs on a file.postGets the access rights for a row.postDeprecatedDeprecatedDeprecated -- Forces the Idaptive oath profile to exist.postDeprecated -- Resets the Idaptive OATH profile.postDeprecated -- EnableFeaturespostDeprecated -- EnrollpostRegisterpostDeprecated -- Assign super rightspostDeprecated -- Fetch a Role's principals.postDeprecated -- Create a Principal List role.postDeprecated -- Unassign super rightspostDeprecated -- Delete a list of users with permission check.postDelete user after permission check (DEPRECATED)postDelete a cloud user. (DEPRECATED)postDeprecated -- Adds a Blocked IP Range.postDeprecated -- Adds an IP Range local to the customer network.postDeprecated -- Deletes a Blocked IP Range.postDeprecated -- Deletes an IP Range local to the customer network.postIssues a user certificate. (Deprecated, please use OAuth2 instead.)postGets a list of policy links.postDeprecated; use SavePolicyBlock3.postSaves a list of policy links.postFetch a Role.postDeprecated -- Update a Role.postDeprecated -- Am I authenticated.postDeprecated -- Checks for user execute rights on the Application Role Management task.postDeprecated -- User login.postDeprecated -- Multi factor authentication login for user.postDeprecated -- EnableFeaturespostDeprecated -- EnrollpostRegisterpostDeprecated -- Get editable mail templates.postDEPRECATED -- This API is deprecated and should not be used.postAnalyticsApi Management System: Operations for API KeyToken ManagementGet API listgetCreate APIpostDelete APIdeleteGet bulk API access tokensgetCreate an API access tokenpostGet API access tokengetRevoke an API access tokendeleteActivate an API access tokenputInactivate an API access tokenputResume APIpostGet available scopesgetSuspend APIpostGet API with API keygetUpdate API with API keyputDelete API with API keydeleteResume API with API keypostSuspend API with API keypostAnalytics Dataset APIget all database for one usergetupdate a data setputsave a data setpostdelete data setsdeletegenerate data set query from explorer querypostvalidate input query stringpostrun a querypostget analytics system tablesgetget snapshots for given modelgetget one custom data setgetIdentity Intelligence: Operation for Identity IntelligenceGet risk model contextgetUpsert risk model contextputrestore to default risk model contextdeleteGet risk modelgetUpsert risk modelputrestore to default risk modeldeleteGet risk model context with user_idgetUpsert risk model context with user_idputrestore to default risk model context with user_iddeleteGet risk model with user_idgetUpsert risk model with user_idputrestore to default risk model with user_iddeleteGenerate user riskpostGenerate fraudulent predictionpostGet risk level intervals from risk modelgetSession Timeline: Session Timeline for Target Server and User BehaviorGet session timeline detailsgetNotification: Operations for notification rules and actionsget all rule policiesgetupdate a rule policyputadd a rule policypostadd a email rule policypostadd a lock user rule policypostget supported template variablesgetadd a webhook rule policyposttest a webhook rule policypostdelete a rule policydeletetoggle a rule policypostPrivilege Risk ConfigurationGet all security configsgetCreate a new security configpostRestore all security configs to default valuepostUpdate a security configputDelete a security configdeleteUser Query: Operations for User's Query Statement with DataSetget dataset query summarygetupdate a dataset queryputsave a dataset querypostdelete a dataset querydeleterun a querypostget dataset query by idgetSignupSignupSignup external userspostConsentManagementTo get Consent Management ConfigurationpostGet Consent Management Script and script editor helper infopostTo Find if Consent Management is enabledpostUpdate Consent Management ConfigurationpostIdentity VerificationSend SendIdentityVerificationOTP to a specified user.postTo get identity Proofing Info of a userpostTo get Identity Provider ConfigurationpostGet IDV Scipt and script editor helper infopostTo get Workflow Approvers defined for sign-up approval workflow.postTo Find if IdentityProofing is enabledpostUpdate Identity Verification ConfigurationpostUpdate the User Sign Up StatuspostEmail VerificationGet verification statuspostSend an verification emailpostMandatory link Verification support: Verifies magic link sent in emailpostMiscellaneousAdditional APIsThe tenant brand information.postThe tenant brand.postGets download urls.postGets the localized value of the tag.postRetrieves a list of product licenses for this tenant, from Salesforce.postGet supported cultures, returning their code and native name.postThis is a callback used by the twilio service.postSimple health check for load balancers: Is this node active?postReturns login Data configurement.postList the Dashboard roles and rights.postGets a list of tenants for the customer.postRegister a new tenant.postGets a list of risk levels.postRuns a risk check for the current user.postAdd an account for a resourcepostChecks out an account passwordpostDelete an accountpostGets list of permissions associated with an accountpostGet administrator informationpostGet AD topology and administrator informationpostGet the account status for an administratorpostGet a retired password of an accountpostGrants permissions on accountspostCreate or remove administrator accountspostGrant permissions on domainspostUpdate an accountpostGet the system version.postEmails the report from scriptPath to the emailTo address.postEvaluate a shortened URL key, redirecting to its long URL if valid.postActivates restricted username in WPM.postDeactivates restricted username in WPM.postDeletes restricted username in WPM.postGets the list of restricted usernames for WPM.postAdds or Updates a restricted username.postGets data from a csv file.postGets data from a csv file.postRetrieve a session id.postDummypostGet administrator information for a domainpostReturns Out of band login statuspostSocial LoginSocial LoginFor social authentication, this is the Facebook call back.postFor social authentication, this is the Google call back.postFor social authentication, this is the LinkedIn call back.postFor social authentication, this is the Microsoft call back.postFor social authentication, this is the Twitter call back.postGets the social configurations for all identity providers.postGet the application client secret.postGets the social user authentication configuration.postGets the social configuration for the requested identity provider.postResets the social user authentication configuration.postSets the social user authentication configuration.postSet custom configuration.postCustomizationCustomizationGet editable message template.postGet editable message templates.postSend a test message template.postApplication ManagementApplication ManagementGet application templates and categoriespostChecks if Application is still available in the catalog.postImport apps from predefined templatespostDelete application.postGet application detailspostClone an existing application.postGets the ID of an app from its service namepostSet application permissionspostUpdate application.postCreate a tag with no apps for the current user.postDelete a tagpostDownloads logs for the imported accounts file.postGet an application's data.postReturns list of credential providers.postReturns list of details for recently uploaded files.postGet applications for userpostGet tags for applicationpostRename a tagpostSet user credentials for an application.postupdate captured user application .postUpdate secured item credentials.postUpdate personal user application.postupdate user application for the current user.postUpload personal app icon.postUpload secured item icon.postAdd and update application tags for the current user.postAdd and update secured item tags for the current user.postGets all available data for the user portal in one call.postVerify if username provided for personal app or secured item is allowed.postRevoke tokenspost https://example.my.idaptive.app/OAuth2/Revoke/{app_id}This revoke API allows a client to invalidate its tokens if the end-user logs out, changes identity, or uninstalls the respective application. The client ID and client secret should be passed as authorization header of type Basic. Refer guides Revoke Token for more information.
