Jump to content

Search the Community

Showing results for tags 'api'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Essentials
    • Announcements
  • Passwordstate 8.x
    • General Support
    • Feature Requests
    • Feature Requests - Completed
    • Known Issues
    • Installing Passwordstate
  • Knowledge Base
    • General FAQs
    • Password Resets
    • Remote Session Launcher
    • Mobile Client
    • Passwordstate API
    • Browser Extensions
    • Password Reset Portal
  • Passwordstate 7.x
    • General Support
    • Known Issues

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL





Google Plus Account







Found 24 results

  1. Burle Mickael

    System wide API key rights

    Hello We notice that the system wide api key cannot overwrite rights set on a password list. Basically, if the box "Return blank Password value instead of actual Password" is ticked, even the system API key cannot retrieve the password with REST API function I think that the system API key should be able to retrieve everything in any password list And this right should be only apply to the api key generated specifically for a password list. regards MB
  2. Burle Mickael

    Move API function

    Hello With the web interface, it's possible to copy, copy and link or move a password to another password list. It should be useful to have the same function with API. Moreover, perform these operation with the web interface is only possible one by one. Not practical if you have 50 or 100 passwords to move. May be the checkbox to perform bulk deletion can be also use to select password several password to move. regards, MB
  3. Meelis Nigols

    Creating folders using REST API

    I found inconsistency in REST API. Response after creating folder contains folder ID fore newly created folder, and TreePath that points to parent folder. Searching for folder return object, where both FolderId and TreePath point to found folder. Now when I want to search for Password lists in specific folder, I can refer folder by TreePath, but I can't refer folder by Folder ID. Is it intended that I will need to search for newly created folder just to get correct FolderPath reference (so that I can use it in further searches)? Or would it be possible, that creating folder response will have correct TreePath pointing to just created folder, not to parent folder? My PasswordState version is 8706. I'm unable to find API documentation on public website to check for changes in documentation after my build number.
  4. Another thing that was unexpected. When searching folders by name, it turns out that folder name string is used for substring search. For example, when using next URL for search: https://passwordstate/winapi/folders/?FolderName=Folder1&TreePath=\Test then results include folders with following names (and treepaths): Folder1 (\Test\Folder1) Folder10 (\Test\Folder10) Subfolder1 (\Test\Folder*\Subfolder1 - serveral folders) Subfolder10 (\Test\Folder*\Subfolder10 - serveral folders) How can I perform search with exact match? Without that i have to construct desired TreePath and then compare all returned results to that, if I want to get only folder I'm searching for... My PasswordState build number is 8706.
  5. Hi! We are trying to automate processes more and more and I wonder if it would be possible for you to create an API for the Global address book? (Our need is primary a way of adding new users, but I guess also removing and updating entries would be useful for us and other customers) And to make it all the way... an api for the self destruct message portal would be nice to have. That would allow us to have our user creation process completely automated. Right now the only manual action we have to do is to go in manually and send the self destruct message. Kind regards, Jasper Metselaar
  6. Hello, Seeking advise on what I am trying to accomplish. Thankful for the recent addition of HIBP and the value it provides moving forward but I am looking at: Running a report to list all accounts that have a "bad" password and is already stored in the DB Searching all accounts by password. For example, if we found out that Password123 is "weak"...how do I search for all accounts with the password "Password123" so they can be addressed? Thanks!
  7. I am trying to use the API to add a host, then a password and then link it to that host. I want the account to appear as the "RDP linked Credential" I first check if the host exists, if not it gets created. This works fine and I get my HostID. I then create the credential, I am specifying "HostName" which is a match for the Host object that I created. If I now try to delete my Host, it will tell me that there is a linked account. So in my mind, this has worked. However, from the RDP Linked credentials drop down, there are no items found and I still need to search for this account manually. How can I get the accounts linked for RDP via the API?
  8. Hello. This feature request is more focused on functionality via the REST API, but as I understand it, would require some changes to the current designed behavior of the password reset dependencies. In its current state, it is not possible to make a modification to a password reset dependency once it has been linked to a password record, and therefore, requires you to make a new dependency as the modified version, and to remove the previously linked one. If possible, I am asking if we could make it so that you are able to modify an existing password reset dependency so that additional APIs such as the following could be achieved: A new REST API for retrieving all existing password reset dependencies for a given password record A new REST API for modifying an existing password reset dependency for a given password record A new REST API for removing an existing password reset dependency for a given password record Thank you.
  9. Hi and a happy new year, we use Royal TS (Connection Management Tool) from https://www.royalapplications.com/ and want to link it dynamically to Passwordstate. Royal TS has an abstraction for hostnames/usernames and the credentials (one script can call the "hostlist" an other the "credentialslist" and only the ones he's allowed to see)... so a user can see all hostnames when he starts the tool, but only when he connects to one of it the credentials will be queried. That is normally perfect ... then we see in the Passwordstate also an audit entry for this connection try. But we can't find an API call for query only the entries without the passwords, in the RoyalTS Frontend we can filter this, but an nosier user (developers are childs sometimes ;)) can simply catch all Passwordstate Passwords when he looks into the script ... can you add an specific API Call (with maybe an own API key for this) query the details without the passwords only? Thank you!
  10. As one of my programmatic secondary backup plan I wanted to use the API to dump the passwords periodically for save keeping. I'm reading up on the api call to do the export all and it's pretty easy to get the data using a simple powershell command as described in the documentation. Then you can just export that into a CSV by piping it into "Export-CSV". Easy enough, but I really like the in UI where I can export as KeePass encrypted zip. Before I try and write this myself, is this already available as a sample or API parameter?
  11. Hello, I am unable to create password lists using passwordlists resource via webapi. I am using Powershell: $jsonData = ' { "PasswordList":"TEST LIST", "Description":"TEST" } ' $PasswordstateUrl = 'https://*passwordstate url*/winapi/passwordlists' $result = Invoke-Restmethod -Method Post -Uri $PasswordstateUrl -ContentType "application/json" -Body $jsonData -UseDefaultCredentials $PasswordListID = $result.PasswordListID Obviously I am replacing *passwordstate url* with the correct URL for my environment. Here is the exception I am getting: Invoke-Restmethod : [{"errors":[{"message":"Invalid API Call"},{"phrase":"Error = Object reference not set to an instance of an object."}]}] At line:2 char:15 + ... $result = Invoke-Restmethod -Method Post -Uri $PasswordstateUrl -Co ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand Outputting $error[0].Exception yields: The remote server returned an error: (500) Internal Server Error. My Passwordstate Build is 8501.
  12. Hi, Would it be possible to add the ability to copy and link a created password to a different list? To explain: We use VMware Automation (vRA) to talk to Passwordstate and generate a new entry through the API. Then vRA is taking some variables into account (APIkey, PasswordID) and sends it to a powershell host, which creates a certificate in our Active Directory for the host mentioned. Then in the script the certificates are upload to PasswordState through the API. After this step we would like to automatically copy and link the created entry to a different password list, as the list to which it comes in, is to "admins" only and we don't want everyone to see them. Thanks in advance, Ronald
  13. Hi, i'm evaluating the usage of passwordstate for the company i'm working for and one of the main criteria is the webapi. I'm connectiong to the api with a python script and i have found three issues that i think could be bugs, and one is a showstopper for us. 1. The searchpasswords function in combination with a passwordlist-id and username seems to be broken Examplecode: headers = { 'APIKey': apiKey } uri = 'https://ourvault.ourtld/api/searchpasswords/'+str(passwordlist['PasswordListID'])+"?username="+user response = requests.get(uri, headers=headers, verify=False) print(uri) print() print(response.status_code) print() print(response.headers) print() print(response.content) Results: URI: https://ourvault.ourtld/api/searchpasswords/26?username=root Returncode: 500 Returnheader: {'Cache-Control': 'no-cache,max-age=0, no-cache, must-revalidate', 'Pragma': 'no-cache,no-cache', 'Content-Length': '120', 'Content-Type': 'text/plain; charset=utf-8', 'Expires': '-1,Thu, 01 Jan 1970 00:00:00 GMT', 'Server': 'Microsoft-IIS/8.5', 'Strict-Transport-Security': 'max-age=31536000', 'X-AspNet-Version': '4.0.30319', 'X-Powered-By': 'ASP.NET', 'X-UA-Compatible': 'IE=edge', 'Date': 'Wed, 29 Aug 2018 09:18:31 GMT'} Returnbody: b'[{"errors":[{"message":"Invalid API Call"},{"phrase":"Error = Object reference not set to an instance of an object."}]}]' api/passwords/26?QueryAll is working fine, so it seems it's the searchpasswords function. 2. Inserting hosts is working, but returns an error Examplecode: data = json.loads(parameters) data['HostName'] = hostname data['HostType'] = "Linux" data['APIKey'] = apiKey print(data) print() uri = 'https://ourvault.ourtld/api/hosts' response = requests.post(uri, data=data, verify=False) print(uri) print() print(response.status_code) print() print(response.headers) print() print(response.content) Results: POSTDATA: {'HostType': 'Linux', 'OperatingSystem': 'Ubuntu', 'RemoteConnectionType': 'SSH', 'RemoteConnectionPortNumber': '22', 'InternalIP': '', 'MACAddress': '28-C2-DD-E2-52-0E', 'VirtualMachine': 'True', 'VirtualMachineType': 'VMware', 'HostName': 'testhost', 'APIKey': '49d65a2cb83e73f733a8d5f4cb26e94d'} URI: https://ourvault.ourtld/api/hosts Returncode: 500 Returnheader: {'Cache-Control': 'no-cache,max-age=0, no-cache, must-revalidate', 'Pragma': 'no-cache,no-cache', 'Content-Length': '120', 'Content-Type': 'text/plain; charset=utf-8', 'Expires': '-1,Thu, 01 Jan 1970 00:00:00 GMT', 'Server': 'Microsoft-IIS/8.5', 'Strict-Transport-Security': 'max-age=31536000', 'X-AspNet-Version': '4.0.30319', 'X-Powered-By': 'ASP.NET', 'X-UA-Compatible': 'IE=edge', 'Date': 'Wed, 29 Aug 2018 09:30:12 GMT'} Returnbody: b'[{"errors":[{"message":"Invalid API Call"},{"phrase":"Error = Object reference not set to an instance of an object."}]}]' The host is getting inserted correctly, but the expected returnbody is broken. 3. The hostsearch function is broken Examplecode: headers = { 'APIKey': apiKey } uri ='https://ourvault.ourtld/api/hosts?HostName='+hostname response = requests.get(uri, headers=headers, verify=False) print(uri) print() print(response.status_code) print() print(response.headers) print() print(response.content) Results: URI: https://ourvault.ourtld/api/hosts?HostName=testhost Returncode: 500 Returnheader: {'Cache-Control': 'no-cache,max-age=0, no-cache, must-revalidate', 'Pragma': 'no-cache,no-cache', 'Content-Length': '120', 'Content-Type': 'text/plain; charset=utf-8', 'Expires': '-1,Thu, 01 Jan 1970 00:00:00 GMT', 'Server': 'Microsoft-IIS/8.5', 'Strict-Transport-Security': 'max-age=31536000', 'X-AspNet-Version': '4.0.30319', 'X-Powered-By': 'ASP.NET', 'X-UA-Compatible': 'IE=edge', 'Date': 'Wed, 29 Aug 2018 09:21:38 GMT'} Returnbody: b'[{"errors":[{"message":"Invalid API Call"},{"phrase":"Error = Object reference not set to an instance of an object."}]}]' The examplehost "testhost" exists in our passwordstate instance. Also strange is that in the Apidocs, the GET function for hosts is declared as "GET /api/hosts", but all the search examples are for the path "/winapi/hosts/" Other functions like creating folders, passwordlists and passwords are working witout any problems.
  14. Hi guys, Isn't it great how you can just keep on learning new things in IT? I've been working myself through all manner of interesting topics and only now I've started learning about tools such as Swagger. Imagine my mirth upon learning that I don't necessarily have to hand-code a Powershell module (or another lib for a different lang), by having Swagger CodeGen make one for me! All that's required is an OpenAPI compatible documentation of your API! (as if that's a small matter...) Either way, I'd love it if you could put this on your long-term backlog. I imagine more people could find this useful!
  15. It would be a great benefit to be able to resent QR codes to users via the API. Currently, have to go into each user account's settings and resend via the Email QR code button. Is this in the works?
  16. Hi, Is it possible to sync Active Directory with Passwordstate? If I create a Service Account with a specific name like svc_[SERVERNAME] or if the service account is in a specific group in AD, then automatically add a entry in passwordstate with the accountname, password and other information? Or do anyone know how to add entries via script (Powershell, TSQL) ? Regards Hakan
  17. Valentijn Scholten

    Permissions for generating API key

    Hi, Some users needs to use an API key with their password lists. We have set the "Enable the 'Toggle Visibility of Web API IDs' menu for Password List Administrators only (if set to No, users with Modify rights will also have access to this menu):" to No But the toggle visiblity remains greyed out for users with modify permissions. I have now given the users admin permission on those list. This allows them to toggle the visibility of the API key. However, the API key is set to 'None'. They can access the API key tab in the properties of the list, but the 'Generate API key' button is greyed out. What permissions must a user have to be able to generate an/the API key? It looks like all API keys have to be generated by a Passwordstate system administrator? I'm using build 8165 Valentijn
  18. Hiya, I was poking around the API and WINAPi documentation at https://passwordstate/api and https://passwordstate/winapi. First up: big kudos for your work over there! It's an awesome resource, very useful! I noticed a small detail that's off: at /winapi, all the URL and code examples still refer to /api instead of to /winapi. I realize it's such a small silly thing, but it may at some point throw off someone who's trying to use the Windows-integrated authentication instead of the API keys. Cheers, Thomas
  19. Hi, Can you fix so the whenever you use the API to create a password and the password has a $ sign in it truncates the rest of the password set in passwordstate. I proably can fix this with modifications in my script. But just wanted to have this so I wouldn't have to. Example of a powershell script, works fine if there are no $ signs in the password. Probably the same happens with other parameters. param($username, $password, $description) $jsonString = @" { "PasswordListID":92, "Title":"company\\$username", "Description":"$description", "AccountTypeID":64, "UserName":"$username", "password":"$password", "APIKey":"XXXXXXXXXXXXXXXXXXXXXXXX", "PasswordResetEnabled":true, "PrivilegedAccountID":2, "HeartbeatEnabled":true, "ValidationScriptID":7, "ADDomainNetBIOS":"company" } "@ Invoke-RestMethod -Uri https://passwordstate.company.com/api/passwords/ -Method Post -ContentType "application/json" -Body $jsonString
  20. This post describes how to set up an Active Directory account in Passwordstate, configured for Automatic Resets: Powershell Script: $PasswordstateAPIURL = "https://fabrikam.com/api/passwords" $jsonString = ' { "PasswordListID":"9914", "Title":"SCCM Service Account", "Username":"sccm_admin", "GeneratePassword":"False", "Password":"Welcome01", "APIKey":"63fca2537db89e4fb329546d7e83cab6", "ValidatewithPrivAccount":"False", "AllowExport":"True", "PasswordResetEnabled":"True", "EnablePasswordResetSchedule":"True", "PasswordResetSchedule":"23:00", "AccountTypeID":"82", "ADDomainNetBIOS":"fabrikam", "PrivilegedAccountID":"2", "HeartbeatEnabled":"True", "ValidationScriptID":"9", "HeartbeatSchedule":"10:00" } ' Invoke-Restmethod -Method POST -Uri $PasswordstateAPIURL -ContentType "application/json" -Body $jsonString Pre-Requisites to get this script working: An API key needs to be set on a Password List. This can be achieved when adding or editing a Password List: You'll need to find the PasswordListID value, by toggling the Visibility of the Web API IDs: Next you'll need to find the AccountTypeID for Active Directory under Administration -> Images and Account Types: Next find the Validation ScriptID for Active Directory Accounts under Administration -> Powershell Scripts -> Password Validation: And the ID of your Privileged account, which has permissions in AD to reset Accounts: If you insert these values into your script, along with any other string values like the Title or username, it will add a record in to the system as expected.
  21. Gagan

    Passwordstate API

    Hello Everyone, While creating the Host API key and trying to connect using the host key, we are getting below errors.We have also created the new key and then tried but still the same error. [{"errors":[{"message":"No Authorization"},{"phrase":"An error has occurred trying to validate the Hosts API Key. Please check if the System Wide Hosts API Key value is correct."}]}] Can someone help in this ? why this error is getting though we have created the system wide API key. Also having the admin level access. We are trying to use below - # Searching for all SQL Servers curl https://passwordstate/api/hosts/?SQLServer=True&apikey=<value> Note : We are using the latest build i.e. 7868 Thanks, Gagan
  22. Hello all. We have recently been reviewing our PowerShell scripts and decided to come up with a function our support staff can use when they want/need a password to be retrieved from Passwordstate. Now the below assumes you have the appropriate IP/Subnets defined and an appropriate API key to retrieve records. This is nothing special, but thought it may help others who are unaware the ease of retrieving records via Passwordstate. This requires PowerShell v3 to leverage 'Invoke-RestMethod' cmdlet. function Get-Password { <# Requires PowerShell v3 for Invoke-RestMethod support Retrieves password record from Passwordstate #> [CmdletBinding()] Param ( [Parameter(Mandatory = $true, Position = 0)] $Id, [Parameter(Mandatory = $true, Position = 1)] $APIKey ) Invoke-RestMethod -Uri https://pstate.domain.org/api/passwords/$($Id)?apikey=$($APIKey) -Method Get } You can then retrieve a record in this manner: $ID = "1234" $APIKey = "12345678900987654321" $Creds = Get-Password -Id $ID -APIKey $APIKey Once you have retrieved the record, you can convert it to a PowerShell credential object for later use: $User = $Creds.Username $Pswd = ConvertTo-SecureString -String $Creds.Password -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ($User, $Pswd) At this point you can specify the $Credential for cmdlets that support it and no longer store credentials in plain text (or even via "secure string"): Get-Service -ComputerName SRV01 -Name "BITS" -Credential $Credential
  23. Alberto Morando

    Perform Copy and Link action via API

    Hi We are implementing Password State API wrapper in Powershell When we create a new password in a password list we usually perform a copy & Link action to a more specific Password List We were wondering if it is possible to perform the same action via API or better it would be to specify during a password creation via API another Password List where the new password should be copied and linked to Thanks for the help Alberto
  24. Hi All, I did a quick Google search, but nothing came up for a Java client, which utilises PS API. The API and the data structures are fairly simple, so it's not a difficult task to write one, but using pre-existing, or even "official" client would be more advisable. If you know about a project like this, please share - otherwise I'm happy to start creating one and share it on GitHub. Regards, Zoltan