Enterprise Recon v1 API

Add Target Credentials

This section provides example requests for adding a new credential set using the Enterprise Recon API.

POST

https://er-master:8339/v1/credentials

Refer to the following server and cloud Targets for more information:

Network Storage Locations - Windows Share

To add a credential set for Windows Share Targets, define the following fields in the request body:

  • label: A descriptive label for the Windows Share credential set.
  • username: Windows user name. <domain\username> or <target_hostname\username>, depending on whether Active Directory (AD) authentication is required.
  • password: Password for the provided Windows user name.
  • cert_name: (Optional) Name of the private key file that is associated with the Windows Share Target host. Only required for Target hosts that use a public key-based authentication method.
  • cert_file: Base64 encoded string of the contents of the private key file.
  • type: Server.

Sample Request

cURL 
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
  "label": "Credentials-for-Windows-Share-Target",
  "username": "example\\userA",
  "password": "Password123",
  "cert_name": "my-ssh-key.pem",
  "cert_file": "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZB...",
  "type": "Server"
}'

Network Storage Locations - Remote Access via SSH

To add a credential set for Remote Access via SSH Targets, define the following fields in the request body:

  • label: A descriptive label for the Remote Access via SSH credential set.
  • username: Remote host user name.
  • password: Remote host user password, or passphrase for the private key (password protected). Leave blank if using a non-password protected private key.
  • cert_name: Name of the private key file that is associated with the Remote Access via SSH Target host.
  • cert_file: Base64 encoded string of the contents of the private key file.
  • type: Server.

Sample Request

cURL 
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
  "label": "Credentials-for-Remote-SSH-Target",
  "username": "root",
  "password": "Password123",
  "cert_name": "my-ssh-key.pem",
  "cert_file": "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZB...",
  "type": "Server"
}'

Box Inc

To add a credential set for Box Inc Targets, define the following fields in the request body:

  • label: A descriptive label for the Box credential set.
  • username: Not required for Box Targets.
  • password: Not required for Box Targets.
  • cert_name: Name of the JSON configuration file.
  • cert_file: Base64 encoded string of the contents of the JSON configuration file.
  • type: Box.

Sample Request

cURL 
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
  "label": "Credentials-for-Box-Target",
  "cert_name": "example-app-box-domain.json",
  "cert_file": "dGVuYW50aWQxMjM0NTY3OC1hYmNkLTkwMTItZWZnaC1pamts",
  "type": "Box Inc"
}'

Google Cloud Storage

To add a credential set for Google Cloud Storage Targets, define the following fields in the request body:

  • label: A descriptive label for the Google Cloud Storage credential set.
  • username: Google Cloud Storage service account email address with access to the Google Cloud Storage project to be scanned.
  • password: Not required for Google Cloud Storage Targets.
  • cert_name: Name of the JSON private key file that is associated with the Google Cloud Storage service account.
  • cert_file: Base64 encoded string of the contents of the JSON private key file.
  • type: Google Cloud Storage.

Sample Request

cURL 
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
  "label": "Credentials-for-GCS-Project-ID",
  "username": "enterprise-recon-sa@project-id.iam.gserviceaccount.com",
  "cert_name": "my-project-id-private-key-file.json",
  "cert_file": "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZB...",
  "type": "Google Cloud Storage"
}'

Microsoft Office - Exchange Online

To add a credential set for Exchange Online Targets, define the following fields in the request body:

  • label: A descriptive label for the Exchange Online credential set.

  • username: Client ID for the registered Enterprise Recon app.

  • password: Client Secret for the registered Enterprise Recon app.

  • cert_name: Tenant ID for the registered Enterprise Recon app.

  • cert_file: Base64 encoded string of the tenant ID for the registered Enterprise Recon app.

  • type: Exchange Online.

Sample Request

cURL 
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
  "label": "Credentials-for-Exchange-Online-Target",
  "username": "clientid1234abcd-56ef-78gh-90ij-1234",
  "password": "clientsecretabcdefghij0123456789klmnopqrst0",
  "cert_name": "tenantid12345678-abcd-9012-efgh-ijkl",
  "cert_file": "dGVuYW50aWQxMjM0NTY3OC1hYmNkLTkwMTItZWZnaC1pamts",
  "type": "Exchange Online"
}'

Microsoft Office - Microsoft OneNote

To add a credential set for Microsoft OneNote Targets, define the following fields in the request body:

  • label: A descriptive label for the Microsoft OneNote credential set.

  • username: Client ID for the registered Enterprise Recon app.

  • password: Client Secret for the registered Enterprise Recon app.

  • cert_name: Tenant ID for the registered Enterprise Recon app.

  • cert_file: Base64 encoded string of the tenant ID for the registered Enterprise Recon app.

  • type: Microsoft OneNote.

Sample Request

cURL 
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
  "label": "Credentials-for-Microsoft-OneNote-Target",
  "username": "clientid1234abcd-56ef-78gh-90ij-1234",
  "password": "clientsecretabcdefghij0123456789klmnopqrst0",
  "cert_name": "tenantid12345678-abcd-9012-efgh-ijkl",
  "cert_file": "dGVuYW50aWQxMjM0NTY3OC1hYmNkLTkwMTItZWZnaC1pamts",
  "type": "Microsoft OneNote"
}'

Microsoft Office - Microsoft Teams

To add a credential set for Microsoft Teams Targets, define the following fields in the request body:

  • label: A descriptive label for the Microsoft Teams credential set.

  • username: Client ID for the registered Enterprise Recon app.

  • password: Client Secret for the registered Enterprise Recon app.

  • cert_name: Tenant ID for the registered Enterprise Recon app.

  • cert_file: Base64 encoded string of the tenant ID for the registered Enterprise Recon app.

  • type: Microsoft Teams.

Sample Request

cURL 
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
  "label": "Credentials-for-Microsoft-Teams-Target",
  "username": "clientid1234abcd-56ef-78gh-90ij-1234",
  "password": "clientsecretabcdefghij0123456789klmnopqrst0",
  "cert_name": "tenantid12345678-abcd-9012-efgh-ijkl",
  "cert_file": "dGVuYW50aWQxMjM0NTY3OC1hYmNkLTkwMTItZWZnaC1pamts",
  "type": "Microsoft Teams"
}'

Microsoft Office - OneDrive Business

To add a credential set for OneDrive Business Targets, define the following fields in the request body:

  • label: A descriptive label for the OneDrive Business credential set.

  • username: Client ID for the registered Enterprise Recon app.

  • password: Client Secret for the registered Enterprise Recon app.

  • cert_name: Tenant ID for the registered Enterprise Recon app.

  • cert_file: Base64 encoded string of the tenant ID for the registered Enterprise Recon app.

  • type: OneDrive Business.

Sample Request

cURL 
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
  "label": "Credentials-for-OneDrive-Business-Target",
  "username": "clientid1234abcd-56ef-78gh-90ij-1234",
  "password": "clientsecretabcdefghij0123456789klmnopqrst0",
  "cert_name": "tenantid12345678-abcd-9012-efgh-ijkl",
  "cert_file": "dGVuYW50aWQxMjM0NTY3OC1hYmNkLTkwMTItZWZnaC1pamts",
  "type": "OneDrive Business"
}'

Microsoft Office - SharePoint Online

To add a credential set for SharePoint Online Targets, define the following fields in the request body:

  • label: A descriptive label for the SharePoint Online credential set.
  • username: Client ID for the registered SharePoint Add-in.
  • password: Client Secret for the registered SharePoint Add-in.
  • cert_name: Tenant ID for the registered SharePoint Add-in.
  • cert_file: Base64 encoded string of the tenant ID for the registered SharePoint Add-in.
  • type: SharePoint Online.

Sample Request

cURL 
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
  "label": "Credentials-for-SharePoint-Online-Target",
  "username": "clientid1234abcd-56ef-78gh-90ij-1234",
  "password": "clientsecretabcdefghij0123456789klmnopqrst0",
  "cert_name": "tenantid12345678-abcd-9012-efgh-ijkl",
  "cert_file": "dGVuYW50aWQxMjM0NTY3OC1hYmNkLTkwMTItZWZnaC1pamts",
  "type": "SharePoint Online"
}'

Salesforce

To add a credential set for Salesforce Targets, define the following fields in the request body:

  • label: A descriptive label for the Salesforce credential set.
  • username: Salesforce account with access to the Enterprise Recon connected app and minimum "Read" permissions for the Salesforce Objects to be scanned.
  • password: Consumer Key for the Enterprise Recon connected app.
  • cert_name: Name of the private key file.
  • cert_file: Base64 encoded string of the contents of the private key file.
  • type: Salesforce.

Sample Request

cURL 
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
  "label": "Credentials-for-Salesforce-Target",
  "username": "admin@example.com",
  "password": "1234567890.ConsumerKeyForTheEnterpriseReconConnectedApp...",
  "cert_name": "er-salesforce.key",
  "cert_file": "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZB...",
  "type": "Salesforce"
}'