REST APIs

We provide the following REST APIs to help integrate Conjur into your development environments. Click a link below to view documentation for each API.

Authentication

Most API calls require an authentication access token in the header. The majority of endpoints only accept access tokens, while passwords and API keys are typically supported for authentication-related operations. The different credentials are sent via the Authorization HTTP header. The format requirements for each authentication method are described in Authenticate using REST APIs.

The following APIs enable you to manage Conjur authentication tasks:

API	Description
Login	Gets the API key of a user given the username and password via HTTP Basic Authentication.
Authenticate	Gets a short-lived access token, which can be used to authenticate requests to (most of) the rest of the Conjur REST API.
Change your password	Changes a user’s password.
Rotate Personal API Key	Replaces your own API key with a new random API key.
Rotate Another Role's API Key	Replaces the API key of another role you can update with a new random API key.
WhoAmI	Provides information about the client making an API request.

Authenticators

Once an authenticator is configured and enabled, an authentication request can be sent to Conjur.

API	Description
Authenticator Status	Checks the status of a Conjur authenticator
Azure Authenticator	When the Azure Authenticator is configured and enabled, an Azure instance can send an authentication request to Conjur.
GCP Authenticator	When the GCP Authenticator is configured and enabled, a GCP resource can send an authentication request to Conjur.
JWT Authenticator	When the JWT Authenticator is configured and enabled, an application can send a JWT-based authentication request to Conjur.
OIDC Authenticator	Enables you to send an authentication request after the OIDC Authenticator is configured
List OIDC providers	Lists all available OIDC providers

Secrets

A variable is an access-controlled list of encrypted data values. The values in a variable are colloquially known as “secrets”.

Only the twenty most recent values in a variable are retained; this prevents the database from growing without bounds.

The following APIs enable you to manage secret values within specified variables.

API	Description
Set a Secret	Creates a secret value within the specified variable.
Retrieve a Secret	Fetches the value of a secret from the specified variable.
Batch Retrieval	Fetches multiple secret values in one call.

Policies

The following APIs help you to manage Conjur policies.

API	Description
Replace a Policy	Loads or replaces a Conjur policy document.
Load a Policy	Adds data to the existing Conjur policy.
Update a Policy	Modifies an existing Conjur policy.

Role-based control

The following APIs help you to manage Conjur role-based access controls.

API	Description
Show a Role	Gets detailed information about a specific role, including the role members.
List a Role's Members	List members within a role.
List Resources	Lists resources within an organization account.
Show a Resource	The response to this method is a JSON document describing a single resource.
Show Permitted Roles	Lists the roles which have the named permission on a resource.
Check permission	Checks whether a role has a privilege on a resource.

Host Factory

The following APIs enable you to manage Host Factory features.

API	Description
Create Tokens	Creates one or more tokens which can be used to bootstrap applications.
Revoke Tokens	Revokes a token, immediately disabling it.
Create a host	Creates an application (`host`) using the Host Factory and returns a JSON description of it.

Public keys

The following API lets you manage public key settings.

API	Description
Show Public Keys	Shows all public keys for a resource as newline delimited string for compatibility with the authorized keys SSH format.