Endpoints in the Outpost REST API

This version of BMC Discovery Outpost supports versions 1.8 of the REST API. Higher versions are always backwards compatible with earlier versions.

The base URL for the latest API version is:

https://outpost_name/api/v1.8

Related topics

Importing data into the system - POST /data/import

Writing and modifying data in the system - POST /data/write

credentials

Manage credentials. Index is used to order credentials, lower to higher.

{{status subtle="false" colour="Blue" title="GET"/}}

 /vault/credential_types
Click here to expand...
Description

Get a list of all credential types and filter by group and/or category.

Parameters

Name

Located in

Description

Default

Schema

group

query

Filter credential types by group


string

category

query

Filter credential types by category


string

Responses

Code

Description

Schema

200

successful operation

[
  credentialType {
   name: string*
   label: string*
   description: string*
   groups: [
     string
   ]*
   categories: [
     string
   ]*
   uri: string*
 }
]

{{status subtle="false" colour="Blue" title="GET"/}}

 /vault/credential_types/{cred_type_name}
Click here to expand...
Parameters

Name

Located in

Description

Default

Schema

cred_type_name

path

Name of the credential type


string*

Responses

Code

Description

Schema

200

successful operation

credentialType {
 name: string*
 label: string*
 description: string*
 groups: [
   string
 ]*
 categories: [
   string
 ]*
 uri: string*
}

{{status subtle="false" colour="Blue" title="GET"/}}

 /vault/credentials
Click here to expand...
Responses

Code

Description

Schema

200

successful operation

[
  credential {
   A credential can be used for one or more types of access, with the 'types' field listing all the access types a credential applies to. See the /vault/credential_types endpoint for a list of types. The access types determine which fields from this object will be populated. Also, credentials used to access cloud providers may contain additional fields to those listed here. Look up your chosen cloud provider with the /discovery/cloud_metadata endpoint to see a list of fields.

   index: int64
   enabled: boolean
   username: string
   password: string
   label: string
   description: string
   ip_range: string
   ip_exclusion: string
   scopes: [
     string
   ]
   types: [
     string
   ]*
   internal.valid: boolean
   internal.secondary: boolean
   internal.created: date-time
   internal.modified: date-time
   internal.messages: [
     string
   ]
   su.enabled: boolean
   su.username: string
   su.password: string
   shell.record: boolean
   shell.prompt: string
   shell.force_subshell: boolean
   vsphere.port: int64
   vsphere.timeout: int64
   vcenter.port: int64
   vcenter.timeout: int64
   windows.port: int64
   telnet.port: int64
   telnet.timeout: int64
   rlogin.port: int64
   rlogin.timeout: int64
   cimc.port: int64
   cimc.timeout: int64
   ribcl.port: int64
   ribcl.timeout: int64
   vplex.port: int64
   vplex.timeout: int64
   ssh.port: int64
   ssh.timeout: int64
   ssh.prefauth: [
     string
   ]
   ssh.key.set: boolean
   ssh.key.passphrase: string
   ssh.key.data: string
   kerberos.realm: string
   snmp.port: int64
   snmp.timeout: int64
   snmp.version: string
   snmp.retries: int64
   snmp.getbulk: boolean
   snmp.community: string
   snmp.v3.privkey: string
   snmp.v3.authkey: string
   snmp.v3.privproto: string
   snmp.v3.securityname: string
   snmp.v3.context: string
   snmp.v3.authproto: string
   wbem.http.port: int64
   wbem.https.port: int64
   wbem.http.enabled: boolean
   wbem.https.enabled: boolean
   wbem.timeout: int64
   mainframe_agent.port: int64
   mainframe_agent.timeout: int64
   uuid: string
   uri: string
   web_basic.timeout: int64
   web_basic.http.enabled: boolean
   web_digest.timeout: int64
   web_digest.http.enabled: boolean
   web_oauth2.timeout: int64
   web_oauth2.token_endpoint: string
   web_oauth2.http.enabled: boolean
 }
]

{{status subtle="false" colour="Green" title="POST"/}}

 /vault/credentials
Click here to expand...
Description
New in version 1.1 - added support for cloud credentials.
New in version 1.2 - added support for API credentials.
Parameters

Name

Located in

Description

Default

Schema

body

body

Credential to be added. Note that a default label is generated if no label is provided. If no ip_range is provided, the credential will be created to match all IPs (0.0.0.0/0,::/0).


credentialInput {
 A credential can be used for one or more types of access, with the 'types' field listing all the access types a credential applies to. See the /vault/credential_types endpoint for a list of types. Different access types require different fields from this object to be populated when creating or updating a credential. Also, credentials used to access cloud providers may require additional fields to those listed here. Look up your chosen cloud provider with the /discovery/cloud_metadata endpoint to see a list of fields.

 index: int64
 enabled: boolean
 username: string
 password: string
 label: string
 description: string
 ip_range: string
 ip_exclusion: string
 scopes: [
   string
 ]
 types: [
   string
 ]
 su.enabled: boolean
 su.username: string
 su.password: string
 shell.record: boolean
 shell.prompt: string
 shell.force_subshell: boolean
 vsphere.port: int64
 vsphere.timeout: int64
 vcenter.port: int64
 vcenter.timeout: int64
 windows.port: int64
 telnet.port: int64
 telnet.timeout: int64
 rlogin.port: int64
 rlogin.timeout: int64
 cimc.port: int64
 cimc.timeout: int64
 ribcl.port: int64
 ribcl.timeout: int64
 vplex.port: int64
 vplex.timeout: int64
 ssh.port: int64
 ssh.timeout: int64
 ssh.prefauth: [
   string
 ]
 ssh.key.set: boolean
 ssh.key.passphrase: string
 ssh.key.data: string
 kerberos.realm: string
 snmp.port: int64
 snmp.timeout: int64
 snmp.version: string
 snmp.retries: int64
 snmp.getbulk: boolean
 snmp.community: string
 snmp.v3.privkey: string
 snmp.v3.authkey: string
 snmp.v3.privproto: string
 snmp.v3.securityname: string
 snmp.v3.context: string
 snmp.v3.authproto: string
 wbem.http.port: int64
 wbem.https.port: int64
 wbem.http.enabled: boolean
 wbem.https.enabled: boolean
 wbem.timeout: int64
 mainframe_agent.port: int64
 mainframe_agent.timeout: int64
 web_basic.timeout: int64
 web_basic.http.enabled: boolean
 web_digest.timeout: int64
 web_digest.http.enabled: boolean
 web_oauth2.timeout: int64
 web_oauth2.token_endpoint: string
 web_oauth2.http.enabled: boolean
}

Responses

Code

Description

Schema

200

successful operation

{
 uuid: string*
 uri: string*
}

{{status subtle="false" colour="Blue" title="GET"/}}

 /vault/credentials/{cred_id}
Click here to expand...
Parameters

Name

Located in

Description

Default

Schema

cred_id

path

ID of the credential


string*

Responses

Code

Description

Schema

200

successful operation

credential {
 A credential can be used for one or more types of access, with the 'types' field listing all the access types a credential applies to. See the /vault/credential_types endpoint for a list of types. The access types determine which fields from this object will be populated. Also, credentials used to access cloud providers may contain additional fields to those listed here. Look up your chosen cloud provider with the /discovery/cloud_metadata endpoint to see a list of fields.

 index: int64
 enabled: boolean
 username: string
 password: string
 label: string
 description: string
 ip_range: string
 ip_exclusion: string
 scopes: [
   string
 ]
 types: [
   string
 ]*
 internal.valid: boolean
 internal.secondary: boolean
 internal.created: date-time
 internal.modified: date-time
 internal.messages: [
   string
 ]
 su.enabled: boolean
 su.username: string
 su.password: string
 shell.record: boolean
 shell.prompt: string
 shell.force_subshell: boolean
 vsphere.port: int64
 vsphere.timeout: int64
 vcenter.port: int64
 vcenter.timeout: int64
 windows.port: int64
 telnet.port: int64
 telnet.timeout: int64
 rlogin.port: int64
 rlogin.timeout: int64
 cimc.port: int64
 cimc.timeout: int64
 ribcl.port: int64
 ribcl.timeout: int64
 vplex.port: int64
 vplex.timeout: int64
 ssh.port: int64
 ssh.timeout: int64
 ssh.prefauth: [
   string
 ]
 ssh.key.set: boolean
 ssh.key.passphrase: string
 ssh.key.data: string
 kerberos.realm: string
 snmp.port: int64
 snmp.timeout: int64
 snmp.version: string
 snmp.retries: int64
 snmp.getbulk: boolean
 snmp.community: string
 snmp.v3.privkey: string
 snmp.v3.authkey: string
 snmp.v3.privproto: string
 snmp.v3.securityname: string
 snmp.v3.context: string
 snmp.v3.authproto: string
 wbem.http.port: int64
 wbem.https.port: int64
 wbem.http.enabled: boolean
 wbem.https.enabled: boolean
 wbem.timeout: int64
 mainframe_agent.port: int64
 mainframe_agent.timeout: int64
 uuid: string
 uri: string
 web_basic.timeout: int64
 web_basic.http.enabled: boolean
 web_digest.timeout: int64
 web_digest.http.enabled: boolean
 web_oauth2.timeout: int64
 web_oauth2.token_endpoint: string
 web_oauth2.http.enabled: boolean
}

{{status subtle="false" colour="Yellow" title="PUT"/}}

 /vault/credentials/{cred_id}
Click here to expand...
Description

Replaces a single credential. All required credential properties must be present. Optional properties that are missing will be reset to their defaults.

Parameters

Name

Located in

Description

Default

Schema

cred_id

path

ID of the credential


string*

body

body

Credential properties


credentialInput {
 A credential can be used for one or more types of access, with the 'types' field listing all the access types a credential applies to. See the /vault/credential_types endpoint for a list of types. Different access types require different fields from this object to be populated when creating or updating a credential. Also, credentials used to access cloud providers may require additional fields to those listed here. Look up your chosen cloud provider with the /discovery/cloud_metadata endpoint to see a list of fields.

 index: int64
 enabled: boolean
 username: string
 password: string
 label: string
 description: string
 ip_range: string
 ip_exclusion: string
 scopes: [
   string
 ]
 types: [
   string
 ]
 su.enabled: boolean
 su.username: string
 su.password: string
 shell.record: boolean
 shell.prompt: string
 shell.force_subshell: boolean
 vsphere.port: int64
 vsphere.timeout: int64
 vcenter.port: int64
 vcenter.timeout: int64
 windows.port: int64
 telnet.port: int64
 telnet.timeout: int64
 rlogin.port: int64
 rlogin.timeout: int64
 cimc.port: int64
 cimc.timeout: int64
 ribcl.port: int64
 ribcl.timeout: int64
 vplex.port: int64
 vplex.timeout: int64
 ssh.port: int64
 ssh.timeout: int64
 ssh.prefauth: [
   string
 ]
 ssh.key.set: boolean
 ssh.key.passphrase: string
 ssh.key.data: string
 kerberos.realm: string
 snmp.port: int64
 snmp.timeout: int64
 snmp.version: string
 snmp.retries: int64
 snmp.getbulk: boolean
 snmp.community: string
 snmp.v3.privkey: string
 snmp.v3.authkey: string
 snmp.v3.privproto: string
 snmp.v3.securityname: string
 snmp.v3.context: string
 snmp.v3.authproto: string
 wbem.http.port: int64
 wbem.https.port: int64
 wbem.http.enabled: boolean
 wbem.https.enabled: boolean
 wbem.timeout: int64
 mainframe_agent.port: int64
 mainframe_agent.timeout: int64
 web_basic.timeout: int64
 web_basic.http.enabled: boolean
 web_digest.timeout: int64
 web_digest.http.enabled: boolean
 web_oauth2.timeout: int64
 web_oauth2.token_endpoint: string
 web_oauth2.http.enabled: boolean
}

Responses

Code

Description

Schema

200

successful operation


{{status subtle="false" colour="Yellow" title="PATCH"/}}

 /vault/credentials/{cred_id}
Click here to expand...
Description

Updates partial resources of a credential. Missing properties are left unchanged.

New in version 1.1 - added support for cloud credentials.
New in version 1.2 - added support for API credentials.
Parameters

Name

Located in

Description

Default

Schema

cred_id

path

ID of the credential


string*

body

body

Credential properties


credentialInput {
 A credential can be used for one or more types of access, with the 'types' field listing all the access types a credential applies to. See the /vault/credential_types endpoint for a list of types. Different access types require different fields from this object to be populated when creating or updating a credential. Also, credentials used to access cloud providers may require additional fields to those listed here. Look up your chosen cloud provider with the /discovery/cloud_metadata endpoint to see a list of fields.

 index: int64
 enabled: boolean
 username: string
 password: string
 label: string
 description: string
 ip_range: string
 ip_exclusion: string
 scopes: [
   string
 ]
 types: [
   string
 ]
 su.enabled: boolean
 su.username: string
 su.password: string
 shell.record: boolean
 shell.prompt: string
 shell.force_subshell: boolean
 vsphere.port: int64
 vsphere.timeout: int64
 vcenter.port: int64
 vcenter.timeout: int64
 windows.port: int64
 telnet.port: int64
 telnet.timeout: int64
 rlogin.port: int64
 rlogin.timeout: int64
 cimc.port: int64
 cimc.timeout: int64
 ribcl.port: int64
 ribcl.timeout: int64
 vplex.port: int64
 vplex.timeout: int64
 ssh.port: int64
 ssh.timeout: int64
 ssh.prefauth: [
   string
 ]
 ssh.key.set: boolean
 ssh.key.passphrase: string
 ssh.key.data: string
 kerberos.realm: string
 snmp.port: int64
 snmp.timeout: int64
 snmp.version: string
 snmp.retries: int64
 snmp.getbulk: boolean
 snmp.community: string
 snmp.v3.privkey: string
 snmp.v3.authkey: string
 snmp.v3.privproto: string
 snmp.v3.securityname: string
 snmp.v3.context: string
 snmp.v3.authproto: string
 wbem.http.port: int64
 wbem.https.port: int64
 wbem.http.enabled: boolean
 wbem.https.enabled: boolean
 wbem.timeout: int64
 mainframe_agent.port: int64
 mainframe_agent.timeout: int64
 web_basic.timeout: int64
 web_basic.http.enabled: boolean
 web_digest.timeout: int64
 web_digest.http.enabled: boolean
 web_oauth2.timeout: int64
 web_oauth2.token_endpoint: string
 web_oauth2.http.enabled: boolean
}

Responses

Code

Description

Schema

200

successful operation


{{status subtle="false" colour="Red" title="DELETE"/}}

 /vault/credentials/{cred_id}
Click here to expand...
Description

Deletes a specific credential.

Parameters

Name

Located in

Description

Default

Schema

cred_id

path

ID of the credential


string*

Responses

Code

Description

Schema

200

successful operation


kerberos

Manage Kerberos resources

{{status subtle="false" colour="Blue" title="GET"/}}

 /vault/kerberos/realms
Click here to expand...
Description

Retrieve all available realms

New in version 1.3
Responses

Code

Description

Schema

200

A list of all available realms

realmsResponse {
 can_write: boolean*
 Whether or not the user can edit realms

 realms: [
   A list of all available realms

    realmResponse {
     admin_server: string*
     The address (IP or DNS name) of the admin server

     admin_port: integer*
     The port of the admin server

     kdc: string*
     The address (IP or DNS name) of the KDC

     kdc_port: integer*
     The port of the KDC

     name: string*
     The name of the realm

     number_of_keytabs: integer*
     The number of users with keytabs

     number_of_ccaches: integer*
     The number of users with ccaches

     number_of_credentials: integer*
     The number of credentials using the realm

     number_of_datasources: integer*
     The number of data sources using the realm
   }
 ]*
}

{{status subtle="false" colour="Blue" title="GET"/}}

 /vault/kerberos/realms/{realm_name}
Click here to expand...
Description

Retrieve a Kerberos realm by name

New in version 1.3
Parameters

Name

Located in

Description

Default

Schema

realm_name

path

The name of the realm


string*

Responses

Code

Description

Schema

200

A list of realms

[
  realmResponse {
   admin_server: string*
   The address (IP or DNS name) of the admin server

   admin_port: integer*
   The port of the admin server

   kdc: string*
   The address (IP or DNS name) of the KDC

   kdc_port: integer*
   The port of the KDC

   name: string*
   The name of the realm

   number_of_keytabs: integer*
   The number of users with keytabs

   number_of_ccaches: integer*
   The number of users with ccaches

   number_of_credentials: integer*
   The number of credentials using the realm

   number_of_datasources: integer*
   The number of data sources using the realm
 }
]

{{status subtle="false" colour="Green" title="POST"/}}

 /vault/kerberos/realms/{realm_name}
Click here to expand...
Description

Create a Kerberos realm

New in version 1.3
Parameters

Name

Located in

Description

Default

Schema

realm_name

path

The name of the realm


string*

body

body

Values to create a new realm


KerberosInput {
 admin_server: string
 The address (IP or DNS name) of the admin server

 admin_port: integer
 The port of the admin server

 kdc: string*
 The address (IP or DNS name) of the KDC

 kdc_port: integer
 The port of the KDC
}

Responses

Code

Description

Schema

200

Successful operation

realmResponse {
 admin_server: string*
 The address (IP or DNS name) of the admin server

 admin_port: integer*
 The port of the admin server

 kdc: string*
 The address (IP or DNS name) of the KDC

 kdc_port: integer*
 The port of the KDC

 name: string*
 The name of the realm

 number_of_keytabs: integer*
 The number of users with keytabs

 number_of_ccaches: integer*
 The number of users with ccaches

 number_of_credentials: integer*
 The number of credentials using the realm

 number_of_datasources: integer*
 The number of data sources using the realm
}

{{status subtle="false" colour="Yellow" title="PATCH"/}}

 /vault/kerberos/realms/{realm_name}
Click here to expand...
Description

Update a Kerberos realm

New in version 1.3
Parameters

Name

Located in

Description

Default

Schema

realm_name

path

The name of the realm


string*

body

body

Values to update a realm


KerberosInput {
 admin_server: string
 The address (IP or DNS name) of the admin server

 admin_port: integer
 The port of the admin server

 kdc: string*
 The address (IP or DNS name) of the KDC

 kdc_port: integer
 The port of the KDC
}

Responses

Code

Description

Schema

200

Successful operation

realmResponse {
 admin_server: string*
 The address (IP or DNS name) of the admin server

 admin_port: integer*
 The port of the admin server

 kdc: string*
 The address (IP or DNS name) of the KDC

 kdc_port: integer*
 The port of the KDC

 name: string*
 The name of the realm

 number_of_keytabs: integer*
 The number of users with keytabs

 number_of_ccaches: integer*
 The number of users with ccaches

 number_of_credentials: integer*
 The number of credentials using the realm

 number_of_datasources: integer*
 The number of data sources using the realm
}

{{status subtle="false" colour="Red" title="DELETE"/}}

 /vault/kerberos/realms/{realm_name}
Click here to expand...
Description

Delete a Kerberos realm

New in version 1.3
Parameters

Name

Located in

Description

Default

Schema

realm_name

path

The name of the realm


string*

Responses

Code

Description

Schema

200

Successful operation


{{status subtle="false" colour="Green" title="POST"/}}

 /vault/kerberos/realms/{realm_name}/test
Click here to expand...
Description

Test user credentials by attempting to acquire a new Kerberos Ticket Granting Ticket (TGT)

New in version 1.3
Parameters

Name

Located in

Description

Default

Schema

realm_name

path

The name of the realm


string*

body

body

kuser credentials to get a Kerberos ticket


KerberosUserInput {
 principal: string*
 Name of user principal for the test

 password: string*
 Password of user principal for the test
}

Responses

Code

Description

Schema

200

Successful operation


{{status subtle="false" colour="Blue" title="GET"/}}

 /vault/kerberos/realms/{realm_name}/keytabs
Click here to expand...
Description

Return a list of users with a Kerberos keytab file

New in version 1.3
Parameters

Name

Located in

Description

Default

Schema

realm_name

path

The name of the realm


string*

Responses

Code

Description

Schema

200

A list of users with keytabs

[
 string
]

{{status subtle="false" colour="Green" title="POST"/}}

 /vault/kerberos/realms/{realm_name}/keytabs
Click here to expand...
Description

Upload a Kerberos keytab file

New in version 1.3
Parameters

Name

Located in

Description

Default

Schema

realm_name

path

The name of the realm


string*

username

formData

name of the user


string*

keytab

formData



file*

Responses

Code

Description

Schema

200

Successful operation


{{status subtle="false" colour="Red" title="DELETE"/}}

 /vault/kerberos/realms/{realm_name}/keytabs/{username}
Click here to expand...
Description

Delete the keytab file for a user

New in version 1.3
Parameters

Name

Located in

Description

Default

Schema

realm_name

path

The name of the realm


string*

username

path

The user name


string*

Responses

Code

Description

Schema

200

successful operation


{{status subtle="false" colour="Blue" title="GET"/}}

 /vault/kerberos/realms/{realm_name}/ccaches
Click here to expand...
Description

Return a list of users with a Kerberos credential cache file

New in version 1.3
Parameters

Name

Located in

Description

Default

Schema

realm_name

path

The name of the realm


string*

Responses

Code

Description

Schema

200

A list of users with ccaches

[
 string
]

{{status subtle="false" colour="Green" title="POST"/}}

 /vault/kerberos/realms/{realm_name}/ccaches
Click here to expand...
Description

Upload a Kerberos credential cache file

New in version 1.3
Parameters

Name

Located in

Description

Default

Schema

realm_name

path

The name of the realm


string*

username

formData

name of the user


string*

ccache

formData



file*

Responses

Code

Description

Schema

200

Successful operation


{{status subtle="false" colour="Red" title="DELETE"/}}

 /vault/kerberos/realms/{realm_name}/ccaches/{username}
Click here to expand...
Description

Deletes the credential cache file for a user

New in version 1.3
Parameters

Name

Located in

Description

Default

Schema

realm_name

path

The name of the realm


string*

username

path

The user name


string*

Responses

Code

Description

Schema

200

successful operation


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*