Closed samiron7567 closed 4 years ago
Hey @samiron7567 ,
Try concatenating the OTP password with a comma after the password an example for it (in Powershell) can be seen here: https://github.com/cyberark/epv-api-scripts/tree/master/Account%20Onboard%20Utility/v10
and a video tutorial by @infamousjoeg here: https://www.youtube.com/watch?v=zxzUfEUN5dA&t=647s
Is there a simple way of getting this RestAPI worked with application like Postman? I am not a powershell lover and its hard for me to understand from the referred powershell script.
And mostly why CyberArk has such bad documentation. Everywhere they populated document to use authentication other than OTP. They must provide more info on their documentation sites of how one can use various login procedure for automations.
@samiron7567 our REST API is documented in a Postman collection at https://CYBR.rocks/RESTAPI.
@samiron7567 in addition to the public Postman, there is also a swagger documentation on the PVWA instance that is installed at your organization.
Just go to https://
Thanks for the reply @AssafMiron however its same as i was following documentation earlier. It is asking for MFA but there is no guide, where to put MFA actually within the document
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ \ "UserName": "aabcdzz", \ "Password": "mypass", \ "Type": "string", \ "SecureMode": true \ }' 'https://pam.example.com/PasswordVault/api/Auth/radius/Logon'
Here is output with Response code 500
{ "ErrorCode": "ITATS542I", "ErrorMessage": "Enter the current code displayed in the Multi-Factor Authentication or Azure Authenticator mobile app to complete your authentication." }
@samiron7567, when returning ITATS542I, a response to the Radius challenge is expected. This exception can be caught, and a second authentication request sent containing the OTP as the password value. Here is some tried & tested code which illustrates the logic: https://github.com/pspete/psPAS/blob/3efbf916908b04ddb761140dffa7cc2914d4df5e/psPAS/Functions/Authentication/New-PASSession.ps1#L540
Hi All,
Was trying to figure out how to generate temporary access_token using username, password with OTP based login, so can run different API calls. I went through the documentation in CyberArk but unable to find one. Basically the idea is to get output of user locked accounts and do further automation.
Wrote below python script to make API call, however seems i am missing something. Any help would be greatly appreciated.
Above API call is failing with: