In a VFC system numerous entities exist containing credential type data. The endpoints covered in this articles allow to change the credentials programmatically. With the following functionality custom integrator application can be implemented to rotate passwords of the different entities from a common password vault solution. With this approach the common technical account password leakage or sharing can be prevented. This article introduces how these credentials can be managed via the v1 REST API.
The applications that manages credentials in the system the following actions are required:
Listing entities: to identify the existing entities.
Retrieve one entity by ID: to fetch the latest public values of an entity.
Modify properties of an entity: to actually change the credentials such as the password. Not every property of an entity can be updated. The allowed properties are listed in the REST API documentation site for every update endpoint.
Verify the password change: to send the known plain password to the system and retrieve a true or false value based on the sent plain password matches with the currently stored value. After a certain number of failed verification attempts the system blocks the API user from further requests to prevent password guessing.
The following sections cover descriptions and examples how the credential management can be achieved for the different entities.
The following examples require a valid access token. To acquire an access token, use the Authentication endpoint. The different examples may require different permissions. Please, be aware to always use an access token that was acquired by a user with the right permissions. |
The non synchronized user entities have an updateable password field that can be modified with the API. The sensitive password is stored in an encrypted format in the database. With the API neither the plain nor the encrypted password cannot be retrieved.