REST APIs
We provide the following REST APIs to help integrate Conjur into your development environments. Click a link below to view documentation for each API.
Authentication
Most API calls require an authentication access token in the header. The majority of endpoints only accept access tokens, while passwords and API keys are typically supported for authentication-related operations. The different credentials are sent via the Authorization HTTP header.
The following APIs enable you to manage Conjur authentication tasks:
API |
Description |
---|---|
Gets the API key of a user given the username and password via HTTP Basic Authentication. |
|
Gets a short-lived access token, which can be used to authenticate requests to (most of) the rest of the Conjur REST API. |
|
Changes a user’s password. |
|
Replaces your own API key with a new random API key. |
|
Replaces the API key of another role you can update with a new random API key. |
|
Provides information about the client making an API request. |
Authenticators
Once an authenticator is configured and enabled, an authentication request can be sent to Conjur.
API |
Description |
---|---|
Checks the status of a Conjur authenticator |
|
When the Azure Authenticator is configured and enabled, an Azure instance can send an authentication request to Conjur. |
|
When the GCP Authenticator is configured and enabled, a GCP resource can send an authentication request to Conjur. |
|
When the JWT Authenticator is configured and enabled, an application can send a JWT-based authentication request to Conjur. |
|
Enables you to send an authentication request after the OIDC Authenticator is configured |
|
Lists all available OIDC providers |
Secrets
A variable is an access-controlled list of encrypted data values. The values in a variable are colloquially known as “secrets”.
Only the twenty most recent values in a variable are retained; this prevents the database from growing without bounds.
The following APIs enable you to manage secret values within specified variables.
API |
Description |
---|---|
Creates a secret value within the specified variable. |
|
Fetches the value of a secret from the specified variable. |
|
Fetches multiple secret values in one call. |
Policies
The following APIs help you to manage Conjur policies.
API |
Description |
---|---|
Loads or replaces a Conjur policy document. |
|
Adds data to the existing Conjur policy. |
|
Modifies an existing Conjur policy. |
Role-based control
The following APIs help you to manage Conjur role-based access controls.
API |
Description |
---|---|
Gets detailed information about a specific role, including the role members. |
|
List members within a role. |
|
Lists resources within an organization account. |
|
The response to this method is a JSON document describing a single resource. |
|
Lists the roles which have the named permission on a resource. |
|
Checks whether a role has a privilege on a resource. |
Host Factory
The following APIs enable you to manage Host Factory features.
API |
Description |
---|---|
Creates one or more tokens which can be used to bootstrap applications. |
|
Revokes a token, immediately disabling it. |
|
Creates an application ( |
Public keys
The following API lets you manage public key settings.
API |
Description |
---|---|
Shows all public keys for a resource as newline delimited string for compatibility with the authorized keys SSH format. |