Test scenario

To get started with this basic API integration, follow the steps below.

  1. Log into your BeyondTrust administrative interface and go to Management > API Configuration. Check the box to Enable XML API.
  2. Create an API account and copy the client secret. This secret can be viewed only once and must be regenerated if lost.
    OAuth Client ID: e52a9aa6fc0508ddf3a40601a736b230a1bebcd1
    OAuth Client Secret: BU5u0fVEb1qEWuHdBK9AR6q9+O1CB26squ1susfJ0LsK
  3. It is necessary to base64 encode these values ("Client ID:Client Secret") for use in the authorization header.
    Base64 Encoded: ZTUyYTlhYTZmYzA1MDhkZGYzYTQwNjAxYTczNmIyMzBhMWJlYmNkMTpCVTV1MGZWRWIxcUVXdUhkQks5QVI2cTkrTzFDQjI2c3F1MXN1c2ZKMExzSw==
  4. We will use cURL to illustrate generating a token using a BeyondTrust API account and using that token to make requests to the BeyondTrust web API.
    • First, we request a Bearer Token using the OAuth client ID and client secret.
      curl -H "authorization: Basic ZTUyYTlhYTZmYzA1MDhkZGYzYTQwNjAxYTczNmIyMzBhMWJlYmNkMTpCVTV1MGZWRWIxcUVXdUhkQks5QVI2cTkrTzFDQjI2c3F1MXN1c2ZKMExzSw==" --data "grant_type=client_credentials" https://access.example.com/oauth2/token
    • This results in a JSON response containing the bearer token.
      {
          "access_token":"23MS6S2L42WCriESVzGbuwwsiQwdbxuAJ3Zj4DxO",
          "token_type":"Bearer",
          "expires_in":3600
      }
    • We can now use that token to make a request to the API.
      curl -H "authorization: Bearer 23MS6S2L42WCriESVzGbuwwsiQwdbxuAJ3Zj4DxO" https://access.example.com/api/command?action=get_api_info
    • This results in an XML response for the requested API.

If you receive any errors such as Document Not Found, check that the API account has the necessary permissions. Also, make sure that a user is logged into the site while you are testing.