Jump to content

Search the Community

Showing results for tags 'api'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Essentials
    • Announcements
  • Passwordstate 8.x
    • General Support
    • Feature Requests
    • Feature Requests - Completed
    • Known Issues
    • Installing Passwordstate
    • 3rd Party Hardware/Software Knowledge Forum
  • Knowledge Base
    • General FAQs
    • Password Resets
    • Remote Session Launcher
    • Mobile Client
    • Passwordstate API
    • Browser Extensions
    • Password Reset Portal
  • Passwordstate 7.x
    • General Support
    • Known Issues

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL





Google Plus Account







Found 25 results

  1. This should be very simple, but we can't figure it out. We have been using PasswordState APIs Anonymously until or Information Security group discovered that there wasn't very good auditing because it was all, well, Anonymous. So we disabled it, but now we can't figure out how to use credentials with our API calls. None of the documentation makes reference to it. It's as if everyone uses Anonymous API calls. This documented process no longer works for any of our scripts: # PowerShell Request $PasswordstateUrl = 'https://passwordstate/api/passwords/<PasswordID>' Invoke-Restmethod -Method GET -Uri $PasswordstateUrl -Header @{ "APIKey" = "<apikey>" } It returns with this error: Invoke-Restmethod : [{"errors":[{"message":"Forbidden"},{"phrase":"Making calls to the Anonymous API is not allowed. Please refer to your Passwordstate Security Administrators for more information."}]}] Which is obvious, because we were forced to disable it. But how can we make it not anonymous?
  2. Hello There is no API which allow to restore a password. Basically, provide the passwordID and the destination passwordlistID for the restoration should be useful Another API feature should be to empty the recycle bin by a simple api request by providing the passwordlistID regards MB
  3. Hi, i am currently trying to set, update or delete folder permissions through the api and winapi. The connection is working properly and if i forget to add any Apply* property or the folder is not manually managed i am getting the appropriate error message from the api. But if all properties are given and correct i only get the default error page as response from the api. I have tested all ApplyPermissionsFor* with no success. My user has admin permissions to the folder, manually adding Administrator permissions for group/user is working. The ErrorConsole does not show up any new errors. Can someone/support please test that behavior? Is the folderpermissions api method working? Example Test Code from the official API Documentation (Change: FolderID, PasswordStateURL and ApplyPermissionsForSecurityGroupName): $PasswordStateURL = 'https://passwordstate/winapi' $jsonData = ' { "FolderID":"253", "Permission":"A", "ApplyPermissionsForSecurityGroupName":"LG_PasswordState_Security_Admins" } ' $result = Invoke-Restmethod -Method Post -Uri $PasswordstateURL'/folderpermissions' -ContentType "application/json" -Body $jsonData -UseDefaultCredentials Verbose: VERBOSE: POST https://passwordstate/winapi/folderpermissions with 127-byte payload VERBOSE: received 19365-byte response of content type text/html VERBOSE: Content encoding: utf-8 ErrorPage Response: generalerror.aspx?aspxerrorpath=/winapi/folderpermissions Thanks, René
  4. Hi, i am developing extended powershell functions for communicating with the api. I try to stick to your API documentation for the properties here. It just seems to me that the API documentation is not up to date or does not contain all options of the individual methods, is that possible? My primary question: Is the API documentation up-to-date or, due to the fact that i want to integrate all current possible options, should I also test all options that are not documented? Furthermore I have already found some bugs in the API documentation. I would send you a list here as soon as I am done with it. An example based on the passwordlists api method: For example, the option Guide that is missing in your documentation, is working. Other options that also not available in your documentation like the following are not working: PasswordStrengthPolicyID PasswordGeneratorID PreventBadPasswordUse PasswordResetEnabled AllowExport Example query: You can see that the above mentioned options are not working (Compare Query <-> Response) body: { "PasswordList": "TestPublicList", "Description": "Test public password list", "CopySettingsFromPasswordListID": "", "CopySettingsFromTemplateID": "", "CopyPermissionsFromPasswordListID": "", "CopyPermissionsFromTemplateID": "", "NestUnderFolderID": 45, "LinkToTemplate": "", "SiteID": 0, "ApplyPermissionsForUserID": "domain\\user", "ApplyPermissionsForSecurityGroupID": "", "ApplyPermissionsForSecurityGroupName": "", "ImageFileName": "protect.png", "PasswordGeneratorID": 10, "PasswordStrengthPolicyID": 4, "PreventBadPasswordUse": false, "AllowExport": false, "PasswordResetEnabled": true, "Permission": "A", "Guide": "testguide" } Response: PasswordListID : 219 PasswordList : TestPublicList Description : Test public password list ImageFileName : protect.png Guide : testguide AllowExport : True PrivatePasswordList : False TimeBasedAccessRequired : False NoApprovers : 1 DisableNotifications : False PasswordStrengthPolicyID : 1 PasswordGeneratorID : 0 CodePage : Using Passwordstate Default Code Page PreventPasswordReuse : 5 AuthenticationType : None Required AuthenticationPerSession : False PreventExpiryDateModification : False SetExpiryDate : 0 ResetExpiryDate : 0 PreventDragDrop : True PreventBadPasswordUse : True ProvideAccessReason : False TreePath : \Services\Domain\Test TotalPasswords : 0 GeneratorName : Using user's personal Password Generator Options PolicyName : Default Policy PasswordResetEnabled : False ForcePasswordGenerator : False HidePasswords : False ShowGuide : False EnablePasswordResetSchedule : False PasswordResetSchedule : 00:00 AddDaysToExpiryDate : 90 SiteID : 0 SiteLocation : Internal OneTimePasswords : False EDIT: As workaround you can add the option "CopySettingsFromTemplateID": 1 to your json, so the settings will be copied from the specified TemplateID. Thanks, René
  5. Hi, It would be great if the API had a method to create, delete and edit templates (incl. custom fields content and values). We would like to automate most of the work in PasswordState as much as possible and reasonable. We have some special template settings and we use all generic fields, so if we want to change the contents of the generic fields or the password list settings, we would like to change this via the API/WinAPI and our CI/CD pipelines. For example, we have a "Customers" field that contains all customer names. This list is edited from time to time and must be changed in all password lists. This is not so nice to do manually with a lot of lists and the error rate (typos). Please vote for this feature request and stay healthy. Thanks, René
  6. Hello With the web interface, it's possible to copy, copy and link or move a password to another password list. It should be useful to have the same function with API. Moreover, perform these operation with the web interface is only possible one by one. Not practical if you have 50 or 100 passwords to move. May be the checkbox to perform bulk deletion can be also use to select password several password to move. regards, MB
  7. Another thing that was unexpected. When searching folders by name, it turns out that folder name string is used for substring search. For example, when using next URL for search: https://passwordstate/winapi/folders/?FolderName=Folder1&TreePath=\Test then results include folders with following names (and treepaths): Folder1 (\Test\Folder1) Folder10 (\Test\Folder10) Subfolder1 (\Test\Folder*\Subfolder1 - serveral folders) Subfolder10 (\Test\Folder*\Subfolder10 - serveral folders) How can I perform search with exact match? Without that i have to construct desired TreePath and then compare all returned results to that, if I want to get only folder I'm searching for... My PasswordState build number is 8706.
  8. Hello, Seeking advise on what I am trying to accomplish. Thankful for the recent addition of HIBP and the value it provides moving forward but I am looking at: Running a report to list all accounts that have a "bad" password and is already stored in the DB Searching all accounts by password. For example, if we found out that Password123 is "weak"...how do I search for all accounts with the password "Password123" so they can be addressed? Thanks!
  9. I am trying to use the API to add a host, then a password and then link it to that host. I want the account to appear as the "RDP linked Credential" I first check if the host exists, if not it gets created. This works fine and I get my HostID. I then create the credential, I am specifying "HostName" which is a match for the Host object that I created. If I now try to delete my Host, it will tell me that there is a linked account. So in my mind, this has worked. However, from the RDP Linked credentials drop down, there are no items found and I still need to search for this account manually. How can I get the accounts linked for RDP via the API?
  10. Hello. This feature request is more focused on functionality via the REST API, but as I understand it, would require some changes to the current designed behavior of the password reset dependencies. In its current state, it is not possible to make a modification to a password reset dependency once it has been linked to a password record, and therefore, requires you to make a new dependency as the modified version, and to remove the previously linked one. If possible, I am asking if we could make it so that you are able to modify an existing password reset dependency so that additional APIs such as the following could be achieved: A new REST API for retrieving all existing password reset dependencies for a given password record A new REST API for modifying an existing password reset dependency for a given password record A new REST API for removing an existing password reset dependency for a given password record Thank you.
  11. Hi and a happy new year, we use Royal TS (Connection Management Tool) from https://www.royalapplications.com/ and want to link it dynamically to Passwordstate. Royal TS has an abstraction for hostnames/usernames and the credentials (one script can call the "hostlist" an other the "credentialslist" and only the ones he's allowed to see)... so a user can see all hostnames when he starts the tool, but only when he connects to one of it the credentials will be queried. That is normally perfect ... then we see in the Passwordstate also an audit entry for this connection try. But we can't find an API call for query only the entries without the passwords, in the RoyalTS Frontend we can filter this, but an nosier user (developers are childs sometimes ;)) can simply catch all Passwordstate Passwords when he looks into the script ... can you add an specific API Call (with maybe an own API key for this) query the details without the passwords only? Thank you!
  12. As one of my programmatic secondary backup plan I wanted to use the API to dump the passwords periodically for save keeping. I'm reading up on the api call to do the export all and it's pretty easy to get the data using a simple powershell command as described in the documentation. Then you can just export that into a CSV by piping it into "Export-CSV". Easy enough, but I really like the in UI where I can export as KeePass encrypted zip. Before I try and write this myself, is this already available as a sample or API parameter?
  13. Hi, Would it be possible to add the ability to copy and link a created password to a different list? To explain: We use VMware Automation (vRA) to talk to Passwordstate and generate a new entry through the API. Then vRA is taking some variables into account (APIkey, PasswordID) and sends it to a powershell host, which creates a certificate in our Active Directory for the host mentioned. Then in the script the certificates are upload to PasswordState through the API. After this step we would like to automatically copy and link the created entry to a different password list, as the list to which it comes in, is to "admins" only and we don't want everyone to see them. Thanks in advance, Ronald
  14. Hi, i'm evaluating the usage of passwordstate for the company i'm working for and one of the main criteria is the webapi. I'm connectiong to the api with a python script and i have found three issues that i think could be bugs, and one is a showstopper for us. 1. The searchpasswords function in combination with a passwordlist-id and username seems to be broken Examplecode: headers = { 'APIKey': apiKey } uri = 'https://ourvault.ourtld/api/searchpasswords/'+str(passwordlist['PasswordListID'])+"?username="+user response = requests.get(uri, headers=headers, verify=False) print(uri) print() print(response.status_code) print() print(response.headers) print() print(response.content) Results: URI: https://ourvault.ourtld/api/searchpasswords/26?username=root Returncode: 500 Returnheader: {'Cache-Control': 'no-cache,max-age=0, no-cache, must-revalidate', 'Pragma': 'no-cache,no-cache', 'Content-Length': '120', 'Content-Type': 'text/plain; charset=utf-8', 'Expires': '-1,Thu, 01 Jan 1970 00:00:00 GMT', 'Server': 'Microsoft-IIS/8.5', 'Strict-Transport-Security': 'max-age=31536000', 'X-AspNet-Version': '4.0.30319', 'X-Powered-By': 'ASP.NET', 'X-UA-Compatible': 'IE=edge', 'Date': 'Wed, 29 Aug 2018 09:18:31 GMT'} Returnbody: b'[{"errors":[{"message":"Invalid API Call"},{"phrase":"Error = Object reference not set to an instance of an object."}]}]' api/passwords/26?QueryAll is working fine, so it seems it's the searchpasswords function. 2. Inserting hosts is working, but returns an error Examplecode: data = json.loads(parameters) data['HostName'] = hostname data['HostType'] = "Linux" data['APIKey'] = apiKey print(data) print() uri = 'https://ourvault.ourtld/api/hosts' response = requests.post(uri, data=data, verify=False) print(uri) print() print(response.status_code) print() print(response.headers) print() print(response.content) Results: POSTDATA: {'HostType': 'Linux', 'OperatingSystem': 'Ubuntu', 'RemoteConnectionType': 'SSH', 'RemoteConnectionPortNumber': '22', 'InternalIP': '', 'MACAddress': '28-C2-DD-E2-52-0E', 'VirtualMachine': 'True', 'VirtualMachineType': 'VMware', 'HostName': 'testhost', 'APIKey': '49d65a2cb83e73f733a8d5f4cb26e94d'} URI: https://ourvault.ourtld/api/hosts Returncode: 500 Returnheader: {'Cache-Control': 'no-cache,max-age=0, no-cache, must-revalidate', 'Pragma': 'no-cache,no-cache', 'Content-Length': '120', 'Content-Type': 'text/plain; charset=utf-8', 'Expires': '-1,Thu, 01 Jan 1970 00:00:00 GMT', 'Server': 'Microsoft-IIS/8.5', 'Strict-Transport-Security': 'max-age=31536000', 'X-AspNet-Version': '4.0.30319', 'X-Powered-By': 'ASP.NET', 'X-UA-Compatible': 'IE=edge', 'Date': 'Wed, 29 Aug 2018 09:30:12 GMT'} Returnbody: b'[{"errors":[{"message":"Invalid API Call"},{"phrase":"Error = Object reference not set to an instance of an object."}]}]' The host is getting inserted correctly, but the expected returnbody is broken. 3. The hostsearch function is broken Examplecode: headers = { 'APIKey': apiKey } uri ='https://ourvault.ourtld/api/hosts?HostName='+hostname response = requests.get(uri, headers=headers, verify=False) print(uri) print() print(response.status_code) print() print(response.headers) print() print(response.content) Results: URI: https://ourvault.ourtld/api/hosts?HostName=testhost Returncode: 500 Returnheader: {'Cache-Control': 'no-cache,max-age=0, no-cache, must-revalidate', 'Pragma': 'no-cache,no-cache', 'Content-Length': '120', 'Content-Type': 'text/plain; charset=utf-8', 'Expires': '-1,Thu, 01 Jan 1970 00:00:00 GMT', 'Server': 'Microsoft-IIS/8.5', 'Strict-Transport-Security': 'max-age=31536000', 'X-AspNet-Version': '4.0.30319', 'X-Powered-By': 'ASP.NET', 'X-UA-Compatible': 'IE=edge', 'Date': 'Wed, 29 Aug 2018 09:21:38 GMT'} Returnbody: b'[{"errors":[{"message":"Invalid API Call"},{"phrase":"Error = Object reference not set to an instance of an object."}]}]' The examplehost "testhost" exists in our passwordstate instance. Also strange is that in the Apidocs, the GET function for hosts is declared as "GET /api/hosts", but all the search examples are for the path "/winapi/hosts/" Other functions like creating folders, passwordlists and passwords are working witout any problems.
  15. Hi guys, Isn't it great how you can just keep on learning new things in IT? I've been working myself through all manner of interesting topics and only now I've started learning about tools such as Swagger. Imagine my mirth upon learning that I don't necessarily have to hand-code a Powershell module (or another lib for a different lang), by having Swagger CodeGen make one for me! All that's required is an OpenAPI compatible documentation of your API! (as if that's a small matter...) Either way, I'd love it if you could put this on your long-term backlog. I imagine more people could find this useful!
  16. It would be a great benefit to be able to resent QR codes to users via the API. Currently, have to go into each user account's settings and resend via the Email QR code button. Is this in the works?
  17. Hi, Is it possible to sync Active Directory with Passwordstate? If I create a Service Account with a specific name like svc_[SERVERNAME] or if the service account is in a specific group in AD, then automatically add a entry in passwordstate with the accountname, password and other information? Or do anyone know how to add entries via script (Powershell, TSQL) ? Regards Hakan
  18. Hiya, I was poking around the API and WINAPi documentation at https://passwordstate/api and https://passwordstate/winapi. First up: big kudos for your work over there! It's an awesome resource, very useful! I noticed a small detail that's off: at /winapi, all the URL and code examples still refer to /api instead of to /winapi. I realize it's such a small silly thing, but it may at some point throw off someone who's trying to use the Windows-integrated authentication instead of the API keys. Cheers, Thomas
  19. Hi, Some users needs to use an API key with their password lists. We have set the "Enable the 'Toggle Visibility of Web API IDs' menu for Password List Administrators only (if set to No, users with Modify rights will also have access to this menu):" to No But the toggle visiblity remains greyed out for users with modify permissions. I have now given the users admin permission on those list. This allows them to toggle the visibility of the API key. However, the API key is set to 'None'. They can access the API key tab in the properties of the list, but the 'Generate API key' button is greyed out. What permissions must a user have to be able to generate an/the API key? It looks like all API keys have to be generated by a Passwordstate system administrator? I'm using build 8165 Valentijn
  20. Hi, Can you fix so the whenever you use the API to create a password and the password has a $ sign in it truncates the rest of the password set in passwordstate. I proably can fix this with modifications in my script. But just wanted to have this so I wouldn't have to. Example of a powershell script, works fine if there are no $ signs in the password. Probably the same happens with other parameters. param($username, $password, $description) $jsonString = @" { "PasswordListID":92, "Title":"company\\$username", "Description":"$description", "AccountTypeID":64, "UserName":"$username", "password":"$password", "APIKey":"XXXXXXXXXXXXXXXXXXXXXXXX", "PasswordResetEnabled":true, "PrivilegedAccountID":2, "HeartbeatEnabled":true, "ValidationScriptID":7, "ADDomainNetBIOS":"company" } "@ Invoke-RestMethod -Uri https://passwordstate.company.com/api/passwords/ -Method Post -ContentType "application/json" -Body $jsonString
  21. This post describes how to set up an Active Directory account in Passwordstate, configured for Automatic Resets: Powershell Script: $PasswordstateAPIURL = "https://fabrikam.com/api/passwords" $jsonString = ' { "PasswordListID":"9914", "Title":"SCCM Service Account", "Username":"sccm_admin", "GeneratePassword":"False", "Password":"Welcome01", "APIKey":"63fca2537db89e4fb329546d7e83cab6", "ValidatewithPrivAccount":"False", "AllowExport":"True", "PasswordResetEnabled":"True", "EnablePasswordResetSchedule":"True", "PasswordResetSchedule":"23:00", "AccountTypeID":"82", "ADDomainNetBIOS":"fabrikam", "PrivilegedAccountID":"2", "HeartbeatEnabled":"True", "ValidationScriptID":"9", "HeartbeatSchedule":"10:00" } ' Invoke-Restmethod -Method POST -Uri $PasswordstateAPIURL -ContentType "application/json" -Body $jsonString Pre-Requisites to get this script working: An API key needs to be set on a Password List. This can be achieved when adding or editing a Password List: You'll need to find the PasswordListID value, by toggling the Visibility of the Web API IDs: Next you'll need to find the AccountTypeID for Active Directory under Administration -> Images and Account Types: Next find the Validation ScriptID for Active Directory Accounts under Administration -> Powershell Scripts -> Password Validation: And the ID of your Privileged account, which has permissions in AD to reset Accounts: If you insert these values into your script, along with any other string values like the Title or username, it will add a record in to the system as expected.
  22. Hello Everyone, While creating the Host API key and trying to connect using the host key, we are getting below errors.We have also created the new key and then tried but still the same error. [{"errors":[{"message":"No Authorization"},{"phrase":"An error has occurred trying to validate the Hosts API Key. Please check if the System Wide Hosts API Key value is correct."}]}] Can someone help in this ? why this error is getting though we have created the system wide API key. Also having the admin level access. We are trying to use below - # Searching for all SQL Servers curl https://passwordstate/api/hosts/?SQLServer=True&apikey=<value> Note : We are using the latest build i.e. 7868 Thanks, Gagan
  23. Hello all. We have recently been reviewing our PowerShell scripts and decided to come up with a function our support staff can use when they want/need a password to be retrieved from Passwordstate. Now the below assumes you have the appropriate IP/Subnets defined and an appropriate API key to retrieve records. This is nothing special, but thought it may help others who are unaware the ease of retrieving records via Passwordstate. This requires PowerShell v3 to leverage 'Invoke-RestMethod' cmdlet. function Get-Password { <# Requires PowerShell v3 for Invoke-RestMethod support Retrieves password record from Passwordstate #> [CmdletBinding()] Param ( [Parameter(Mandatory = $true, Position = 0)] $Id, [Parameter(Mandatory = $true, Position = 1)] $APIKey ) Invoke-RestMethod -Uri https://pstate.domain.org/api/passwords/$($Id)?apikey=$($APIKey) -Method Get } You can then retrieve a record in this manner: $ID = "1234" $APIKey = "12345678900987654321" $Creds = Get-Password -Id $ID -APIKey $APIKey Once you have retrieved the record, you can convert it to a PowerShell credential object for later use: $User = $Creds.Username $Pswd = ConvertTo-SecureString -String $Creds.Password -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ($User, $Pswd) At this point you can specify the $Credential for cmdlets that support it and no longer store credentials in plain text (or even via "secure string"): Get-Service -ComputerName SRV01 -Name "BITS" -Credential $Credential
  24. Hi We are implementing Password State API wrapper in Powershell When we create a new password in a password list we usually perform a copy & Link action to a more specific Password List We were wondering if it is possible to perform the same action via API or better it would be to specify during a password creation via API another Password List where the new password should be copied and linked to Thanks for the help Alberto
  25. Hi All, I did a quick Google search, but nothing came up for a Java client, which utilises PS API. The API and the data structures are fairly simple, so it's not a difficult task to write one, but using pre-existing, or even "official" client would be more advisable. If you know about a project like this, please share - otherwise I'm happy to start creating one and share it on GitHub. Regards, Zoltan
  • Create New...