Skip to content
Github Action edited this page Dec 23, 2021 · 14 revisions

Documentation for Conjur

Documentation for API Endpoints

All URIs are relative to http://localhost

Class Method HTTP request Description
AuthenticationApi changePassword PUT /authn/{account}/password Changes a user’s password.
AuthenticationApi enableAuthenticator PATCH /{authenticator}/{account} Enables or disables authenticator defined without service_id.
AuthenticationApi enableAuthenticatorInstance PATCH /{authenticator}/{service_id}/{account} Enables or disables authenticator service instances.
AuthenticationApi getAPIKey GET /authn/{account}/login Gets the API key of a user given the username and password via HTTP Basic Authentication.
AuthenticationApi getAPIKeyViaLDAP GET /authn-ldap/{service_id}/{account}/login Gets the Conjur API key of a user given the LDAP username and password via HTTP Basic Authentication.
AuthenticationApi getAccessToken POST /authn/{account}/{login}/authenticate Gets a short-lived access token, which is required in the header of most subsequent API requests.
AuthenticationApi getAccessTokenViaAWS POST /authn-iam/{service_id}/{account}/{login}/authenticate Get a short-lived access token for applications running in AWS.
AuthenticationApi getAccessTokenViaAzure POST /authn-azure/{service_id}/{account}/{login}/authenticate Gets a short-lived access token for applications running in Azure.
AuthenticationApi getAccessTokenViaGCP POST /authn-gcp/{account}/authenticate Gets a short-lived access token for applications running in Google Cloud Platform.
AuthenticationApi getAccessTokenViaJWT POST /authn-jwt/{service_id}/{account}/authenticate Gets a short-lived access token for applications using JSON Web Token (JWT) to access the Conjur API.
AuthenticationApi getAccessTokenViaJWTWithId POST /authn-jwt/{service_id}/{account}/{id}/authenticate Gets a short-lived access token for applications using JSON Web Token (JWT) to access the Conjur API. Covers the case of use of optional URL parameter "ID"
AuthenticationApi getAccessTokenViaKubernetes POST /authn-k8s/{service_id}/{account}/{login}/authenticate Gets a short-lived access token for applications running in Kubernetes.
AuthenticationApi getAccessTokenViaLDAP POST /authn-ldap/{service_id}/{account}/{login}/authenticate Gets a short-lived access token for users and hosts using their LDAP identity to access the Conjur API.
AuthenticationApi getAccessTokenViaOIDC POST /authn-oidc/{service_id}/{account}/authenticate Gets a short-lived access token for applications using OpenID Connect (OIDC) to access the Conjur API.
AuthenticationApi k8sInjectClientCert POST /authn-k8s/{service_id}/inject_client_cert For applications running in Kubernetes; sends Conjur a certificate signing request (CSR) and requests a client certificate injected into the application's Kubernetes pod.
AuthenticationApi rotateApiKey PUT /authn/{account}/api_key Rotates a role's API key.
CertificateAuthorityApi sign POST /ca/{account}/{service_id}/sign Gets a signed certificate from the configured Certificate Authority service.
HostFactoryApi createHost POST /host_factories/hosts Creates a Host using the Host Factory.
HostFactoryApi createToken POST /host_factory_tokens Creates one or more host identity tokens.
HostFactoryApi revokeToken DELETE /host_factory_tokens/{token} Revokes a token, immediately disabling it.
PoliciesApi loadPolicy POST /policies/{account}/policy/{identifier} Adds data to the existing Conjur policy.
PoliciesApi replacePolicy PUT /policies/{account}/policy/{identifier} Loads or replaces a Conjur policy document.
PoliciesApi updatePolicy PATCH /policies/{account}/policy/{identifier} Modifies an existing Conjur policy.
PublicKeysApi showPublicKeys GET /public_keys/{account}/{kind}/{identifier} Shows all public keys for a resource.
ResourcesApi showResource GET /resources/{account}/{kind}/{identifier} Shows a description of a single resource.
ResourcesApi showResourcesForAccount GET /resources/{account} Lists resources within an organization account.
ResourcesApi showResourcesForAllAccounts GET /resources Lists resources within an organization account.
ResourcesApi showResourcesForKind GET /resources/{account}/{kind} Lists resources of the same kind within an organization account.
RolesApi addMemberToRole POST /roles/{account}/{kind}/{identifier} Update or modify an existing role membership
RolesApi removeMemberFromRole DELETE /roles/{account}/{kind}/{identifier} Deletes an existing role membership
RolesApi showRole GET /roles/{account}/{kind}/{identifier} Get role information
SecretsApi createSecret POST /secrets/{account}/{kind}/{identifier} Creates a secret value within the specified variable.
SecretsApi getSecret GET /secrets/{account}/{kind}/{identifier} Fetches the value of a secret from the specified Secret.
SecretsApi getSecrets GET /secrets Fetch multiple secrets
StatusApi getAuthenticators GET /authenticators Details about which authenticators are on the Conjur Server
StatusApi getGCPAuthenticatorStatus GET /authn-gcp/{account}/status Details whether an authentication service has been configured properly
StatusApi getServiceAuthenticatorStatus GET /{authenticator}/{service_id}/{account}/status Details whether an authentication service has been configured properly
StatusApi whoAmI GET /whoami Provides information about the client making an API request.

Documentation for Models

Documentation for Authorization

basicAuth

  • Type: HTTP basic authentication

conjurAuth

  • Type: API key
  • API key parameter name: Authorization
  • Location: HTTP header

conjurKubernetesMutualTls

  • Type: HTTP basic authentication
Clone this wiki locally