BeyondTrust PowerBroker API Using PHP Rest Client

This tutorial will show you how to use PHP to access the BeyondTrust PowerBroker API. BeyondTrust offers a free enterprise password API to application developers.

I’ll make a sample PHP REST call with the Guzzle REST client. The call will retrieve the session ID and use it to access another BeyondTrust REST call.

BeyondTrust’s integrated privileged access management platform provides you with complete visibility and control over the passwords, endpoints, and servers that stand between attackers and your critical data.

The free BeyondTrust PowerBroker Password Safe API is intended to improve security for all applications that require a user or application to enter static credentials for normal operations. Developers can use the PowerBroker Password Safe API to retrieve the most recent credentials for a user, application, infrastructure, cloud solution, or database in order to authenticate and release the credentials when the session ends.

We will register with BeyondTrust and get an authorization code, then use this code in a subsequent call to access BeyondTrust resources through the REST API.

How to Access Session id Using BeyondTrust API

I’m using the Guzzle REST client to get the cookie session ID from the BeyondTrust REST API. I’m assuming you have a base REST API URL, such as 'beyond trust/api/public/v3'. We’ll create a Guzzle instance using your REST API hostname and authorization token. We will add Authorization to the REST client headers and set the Content-Type to application/json.

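<?php
require_once 'vendor/autoload.php';

use GuzzleHttp\Client;

// Authorization string for your BeyondTrust REST API registration
$token = 'XXXXXXXXXX';

$client = new Client([
    // Base URI is used with relative requests
    'base_uri' => 'restapi url', // https://api.domain.com/api/public/v3/
    // You can set any number of default request options.
    'timeout'  => 2.0,
    'headers'  => ['Authorization' => $token, 'Content-Type' => 'application/json', 'Accept' => 'application/json'],
    // Keep cookies between requests so the session cookie set by the sign-in call is sent on later calls
    'cookies'  => true,
    // TLS certificate verification is turned off here; true (Guzzle's default) validates the server certificate
    'verify'   => false
]);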

Please change the Authorization string to match your REST API credentials. The parameters are:

$token : This variable contains the authorization string for the BeyondTrust REST API.
base_uri : The BeyondTrust API host URL path.
headers : This contains the request header parameters.
timeout : Request timeout in seconds.
verify : SSL/TLS certificate verification; false turns it off, so the server certificate is not checked.

We will get the session ID with an HTTP POST to the 'Auth/SignAppin' REST endpoint.

$response = $client->post('Auth/SignAppin');
echo $response->getBody()->getContents();

The response will look like this:

{
  "UserId": X,
  "SID": "XXXX",
  "EmailAddress": "restapi2example@gmail.com",
  "UserName": "Rachel",
  "Name": "Rachel jim"
}

We’ll now make a new GET REST call to access workgroups using the ‘/Workgroups’ endpoint.

$response = $client->get('Workgroups');
echo $response->getBody()->getContents();
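
The same two calls with certificate verification on, a shared cookie jar, and the Authorization string read from the environment, as an added example that is not code from the original tutorial. The environment variable names BT_API_BASE_URI, BT_API_AUTH and BT_CA_BUNDLE are assumptions made for this sketch.

```php
<?php
// Added example (not from the original tutorial): hardened variant of the client above.
require_once 'vendor/autoload.php';

use GuzzleHttp\Client;
use GuzzleHttp\Exception\GuzzleException;

// Assumed environment variable names; the secret stays out of source control.
$baseUri = getenv('BT_API_BASE_URI');   // e.g. https://api.domain.com/api/public/v3/
$token   = getenv('BT_API_AUTH');       // the Authorization string for your API registration
$caFile  = getenv('BT_CA_BUNDLE');      // optional PEM bundle for an internal CA

if (!$baseUri || !$token || parse_url($baseUri, PHP_URL_SCHEME) !== 'https') {
    fwrite(STDERR, "Set BT_API_BASE_URI (https) and BT_API_AUTH\n");
    exit(1);
}

$client = new Client([
    'base_uri'        => $baseUri,
    'timeout'         => 10.0,
    'connect_timeout' => 5.0,
    // Validate the server certificate: system trust store, or the given CA bundle.
    'verify'          => $caFile ?: true,
    // Shared cookie jar so the session cookie from SignAppin is sent on later calls.
    'cookies'         => true,
    // Do not follow redirects: the Authorization header should only go to base_uri.
    'allow_redirects' => false,
    'headers'         => ['Authorization' => $token, 'Accept' => 'application/json'],
]);

try {
    $user = json_decode((string) $client->post('Auth/SignAppin')->getBody(), true, 16, JSON_THROW_ON_ERROR);
    // Log who signed in, never the SID or the Authorization string.
    fwrite(STDERR, "Signed in as {$user['UserName']}\n");

    $workgroups = json_decode((string) $client->get('Workgroups')->getBody(), true, 16, JSON_THROW_ON_ERROR);
    echo json_encode($workgroups, JSON_PRETTY_PRINT), PHP_EOL;
} catch (GuzzleException | JsonException $e) {
    // getMessage() may include a response excerpt, so report only the type and code.
    fwrite(STDERR, get_class($e) . ' (' . $e->getCode() . ")\n");
    exit(1);
}
```

Guzzle throws on 4xx and 5xx responses by default, so a rejected sign-in stops the script before the Workgroups request is sent.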

I hope you now understand how to use the BeyondTrust PowerBroker API. You can integrate the BeyondTrust API with any programming language, such as Java, .NET, or Node.js.