API Directory
- Mar 17, 2025

Cyberark API Directory

CyberArk software is a leading cybersecurity solution specializing in identity security and privileged access management (PAM). It plays a crucial role in protecting organizations from cyber threats by securing privileged accounts, credentials, and secrets. As cyber threats continue to evolve, CyberArk's robust security measures ensure that sensitive data and critical infrastructure remain safeguarded. Its comprehensive approach to identity security makes it an essential tool for businesses across various industries, aiming to protect their most valuable assets.

One of the key features of CyberArk is its ability to integrate seamlessly with existing IT environments through its API. The CyberArk API facilitates smooth integration, enabling organizations to enhance their security posture without disrupting their current operations. By leveraging the CyberArk API, businesses can automate security processes, streamline identity management, and ensure compliance with industry regulations. This integration capability not only strengthens security but also optimizes operational efficiency, making CyberArk a preferred choice for enterprises seeking advanced cybersecurity solutions.

Key highlights of Cyberark APIs

The CyberArk API suite provides powerful tools to integrate and automate privileged access management (PAM) functionalities. Below are the key highlights of the CyberArk APIs:

Core Functionalities:

  • Account Management: Create, retrieve, update, and delete privileged accounts to ensure efficient and secure management of credentials.
  • User Management: Manage users, roles, and permissions to enforce strict access control policies.
  • Session Management: Initiate, monitor, and terminate privileged sessions with support for session recording for auditing purposes.
  • Policy Management: Define, update, and apply security policies for password rotation, access controls, and compliance requirements.

Integration Use Cases:

  • Automated Credential Rotation: Enable seamless credential updates for critical systems as per security policies.
  • Incident Response Automation: Integrate with SIEM tools to automate detection and response to security events.
  • Compliance Audits: Extract detailed logs and session recordings to meet regulatory requirements.

Supported Protocols:

  • RESTful API: CyberArk APIs are REST-compliant, using standard HTTP methods for resource interaction.

Authentication Mechanisms:

  • Session Token Authentication: Secure API access by using session tokens obtained via the login endpoint.
  • OAuth 2.0: Where supported, OAuth 2.0 can be used for enhanced security in integrations.

Rate Limiting Policies:

  • Call Limits: Best practices include limiting excessive API calls and handling 429 (Too Many Requests) responses effectively.

For comprehensive information, refer to the official CyberArk API documentation.

Cyberark API Endpoints

CDirectoryService

  • post https://{tenant_url}/CDirectoryService/ChangeUser : The Update Base Profile Identity API allows authorized users to update information for a specified cloud user.
  • post https://{tenant_url}/CDirectoryService/ChangeUserState : The Change User State - Identity API allows authorized users to change the state of a user from disabled to active or vice versa.
  • post https://{tenant_url}/CDirectoryService/ExemptUserFromMfa : This API allows a system administrator or a user with user management permissions to exempt a user from Multi-Factor Authentication (MFA) login for a specified amount of time.
  • post https://{tenant_url}/CDirectoryService/GetTechSupportUser : The Fetch Technical Support User Identity API allows system administrators or users with user management permissions to retrieve information about a technical support user.
  • post https://{tenant_url}/CDirectoryService/GetUser : The Get User Details API allows system administrators, users with user management rights, or the user itself to fetch details of a specific existing user in the cloud directory.
  • post https://{tenant_url}/CDirectoryService/GetUserAttributes : The 'Get User Attributes - Identity API' allows clients to retrieve detailed information about a cloud user.
  • post https://{tenant_url}/CDirectoryService/GetUserByName : The 'Get User Details by Name - Identity API' allows you to retrieve details of a cloud user by their username.
  • post https://{tenant_url}/CDirectoryService/GetUsers : The 'Get Users Details - Identity API' allows system administrators and users with user management rights to fetch a list of all existing users in the cloud directory.
  • post https://{tenant_url}/CDirectoryService/GetUsersFromCsvFile : This API is used to initiate the bulk user import in the CyberArk Identity cloud directory.
  • post https://{tenant_url}/CDirectoryService/SetUserPicture : This API allows setting a user's picture/photo for a particular user.
  • post https://{tenant_url}/CDirectoryService/SetUserState : The Set User State API in CyberArk Identity allows system administrators and users with user management permissions to lock, disable, or set a Cloud Directory account to expired.
  • post https://{tenant_url}/CDirectoryService/SubmitUploadedFile : The Advance Bulk User Import - Identity API allows system administrators and users with user management rights to create users in bulk in the CyberArk Identity cloud directory.

Core

  • post https://{tenant_url}/Core/GetUserSettings : The 'Get User Settings - Identity API Reference' API allows clients to retrieve user settings based on the specified user ID and setting type.

ExtData

  • post https://{tenant_url}/ExtData/GetColumns : This API is used to retrieve the list of all current attributes and their values for a CyberArk Identity user.
  • post https://{tenant_url}/ExtData/GetSchema : The Get Schema - Identity API Reference is used to obtain a list of the current attributes (columns) for a table in the Tenant's extended schema.
  • post https://{tenant_url}/ExtData/SetColumns : This API is used to update the extended attribute values for a CyberArk Identity user.
  • post https://{tenant_url}/ExtData/UpdateSchema : This API allows system administrators to add new attributes to the tenant schema or update existing attributes.

Org

  • post https://{tenant_url}/Org/ChangeMemberShip : The Update Organization Membership API allows you to add or delete members for an organization.
  • post https://{tenant_url}/Org/Create : The Create Organization Identity API allows system administrators to create a new organization by providing a name and an optional description.
  • post https://{tenant_url}/Org/Delete : The Delete Organization - Identity API allows a system administrator to delete an organization by providing the unique organization ID.
  • post https://{tenant_url}/Org/Get : This API is used to retrieve details of a specific organization by providing its unique ID.
  • post https://{tenant_url}/Org/GetAdministrators : This API is used to retrieve the list of administrators for a specified organization.
  • post https://{tenant_url}/Org/GetPermission : The 'Get Administrative Rights - Identity API' allows users with AdminUI task permission to retrieve administrative rights for a specified organization.
  • post https://{tenant_url}/Org/GetRoles : This API is used to retrieve the roles for a specific organization by providing the organization's unique ID.
  • post https://{tenant_url}/Org/ListAll : This API is used to retrieve a list of all organizations.
  • post https://{tenant_url}/Org/Update : The Update Organization Identity API allows a system administrator to update the details of an organization.
  • post https://{tenant_url}/Org/UpdateAdministrators : The 'Update Administrators for Organization' API allows a system administrator to add or delete administrators for a specified organization.
  • post https://{tenant_url}/Org/UpdatePermission : The Update Administrative Rights API allows a system administrator to update permissions for an organization.

User

  • post https://{tenant_url}/User/UpdateProfile : The Update User Profile API allows system administrators, users with user management rights, or the user itself to update an existing cloud user's properties.

UserMgmt

  • post https://{tenant_url}/UserMgmt/ChangeUserAttributes : This API is used to update the value of different attributes for CyberArk Identity active directory users.
  • post https://{tenant_url}/UserMgmt/GetUserAttributes : This API fetches attributes for a specified user.
  • post https://{tenant_url}/UserMgmt/GetUserHierarchy : The Get User Hierarchy API is used to retrieve the reporting hierarchy for a specified user.
  • post https://{tenant_url}/UserMgmt/GetUserInfo : The 'Get User Information - Identity API' allows authorized users to retrieve detailed information about a specific user within the system.
  • post https://{tenant_url}/UserMgmt/GetUserRiskLevel : This API enables system administrators with user management rights to fetch the risk level details of an existing user in the Cloud Directory.
  • post https://{tenant_url}/UserMgmt/GetUsersRolesAndAdministrativeRights : This API is used to retrieve a list of user roles and administrative rights associated with those roles.
  • post https://{tenant_url}/UserMgmt/InviteUsers : The Invite Cloud Users API allows system administrators or users with user management permissions to invite users or groups to the cloud system.
  • post https://{tenant_url}/UserMgmt/IsUserCloudLocked : This API checks if a user is locked in the system.
  • post https://{tenant_url}/UserMgmt/IsUserLockedOutByPolicy : This API checks if a user is locked out by policy, meaning they cannot answer MFA challenges and authenticate against CyberArk Identity.
  • post https://{tenant_url}/UserMgmt/RemoveUsers : The Delete Users - Identity API allows system administrators or users with user management permissions to delete cloud users.
  • post https://{tenant_url}/UserMgmt/SendLoginEmails : The Send Invitation Email - Identity API allows system administrators to send invitation emails to a list of users identified by their UUIDs.
  • post https://{tenant_url}/UserMgmt/SendSmsInvite : The Send Invitation SMS - Identity API allows system administrators or users with user management permissions to send an invitation SMS to a user identified by their UUID.
  • post https://{tenant_url}/UserMgmt/SetCloudLock : This API is used to lock or unlock a user account.

scim

  • get https://{tenant_url}/scim/Groups : The Query Groups Identity API fetches all the groups from the SCIM service.
  • delete https://{tenant_url}/scim/Groups/{id} : The Delete Group Identity API is used to delete a group resource identified by a unique group ID.
  • post https://{tenant_url}/scim/Users : The Create User - Identity API allows system administrators or users with user management rights to create a new user in the system.
  • put https://{tenant_url}/scim/Users/{id} : The Update User Identity API is used to replace a user resource's attributes using the SCIM PUT operation.

CyberArk API FAQs

How do I authenticate with the CyberArk REST API?

  • Answer: To authenticate with the CyberArk REST API, you need to obtain a session token. This involves sending a POST request to the /PasswordVault/API/Auth/CyberArk/Logon endpoint with your credentials. The response will include a session token, which must be included in the Authorization header of subsequent API requests.
  • Source: Authentication - CyberArk Docs

What are the rate limits for the CyberArk REST API?

  • Answer: CyberArk's REST APIs are designed to be stable and predictable. While specific rate limits are not explicitly documented, it's recommended to implement error handling for potential rate limiting responses to ensure robust integration.
  • Source: REST APIs - CyberArk Docs

Can I retrieve account information using the CyberArk REST API?

  • Answer: Yes, you can retrieve account information using the CyberArk REST API. For example, to list all accounts, you can make a GET request to the /PasswordVault/API/Accounts endpoint.
  • Source: Accounts - CyberArk Docs

Does the CyberArk REST API support webhooks for real-time data updates?

  • Answer: As of the latest available information, CyberArk's REST API does not natively support webhooks. For real-time data updates, consider implementing periodic polling or integrating with third-party services that provide webhook functionality.
  • Source: REST APIs - CyberArk Docs

Are there official SDKs or client libraries for the CyberArk REST API?

  • Answer: CyberArk provides a RESTful API that can be invoked by any RESTful client for various programming and scripting environments, including Java, C#, Perl, PHP, Python, and Ruby.
  • Source: REST APIs - CyberArk Docs

Get Started with CyberArk API Integration

Knit API offers a convenient solution for quick and seamless integration with CyberArk API. Our AI-powered integration platform allows you to build any CyberArk API Integration use case. By integrating with Knit just once, you can integrate with multiple other CRM, Accounting, HRIS, ATS, and other systems in one go with a unified approach. Knit handles all the authentication, authorization, and ongoing integration maintenance. This approach saves time and ensures a smooth and reliable connection to CyberArk API.‍

To sign up for free, click here. To check the pricing, see our pricing page

Related Blogs

API Directory
-
Apr 4, 2025

Full list of Knit's HRIS API Guides

11
mins
API Directory
-
Apr 4, 2025

BambooHR API Directory

11
mins
API Directory
-
Apr 4, 2025

7Shifts API Directory

11
mins
API Directory
-
Apr 4, 2025

Full list of Knit's Payroll API Guides

11
mins
API Directory
-
Apr 4, 2025

Full list of Knit's CRM API Guides

11
mins
API Directory
-
Apr 4, 2025

Full list of Knit's Accounting API Guides

11
mins

#1 in Ease of Integrations

Trusted by businesses to streamline and simplify integrations seamlessly with GetKnit.

Sign Up