Enterprise Recon v1 API
Add Target Credentials
This section provides example requests for adding a new credential set using the Enterprise Recon API.
POST
https://er-master:8339/v1/credentials
Refer to the following server and cloud Targets for more information:
- Network Storage Locations - Windows Share
- Network Storage Locations - Remote Access via SSH
- Box Inc
- Google Cloud Storage
- Microsoft Office - Exchange Online
- Microsoft Office - Microsoft OneNote
- Microsoft Office - Microsoft Teams
- Microsoft Office - OneDrive Business
- Microsoft Office - SharePoint Online
- Salesforce
Network Storage Locations - Windows Share
To add a credential set for Windows Share Targets, define the following fields in the request body:
- label: A descriptive label for the Windows Share credential set.
- username: Windows user name. <domain\username> or <target_hostname\username>, depending on whether Active Directory (AD) authentication is required.
- password: Password for the provided Windows user name.
- cert_name: (Optional) Name of the private key file that is associated with the Windows Share Target host. Only required for Target hosts that use a public key-based authentication method.
- cert_file: Base64 encoded string of the contents of the private key file.
- type: Server.
Sample Request
cURL
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
"label": "Credentials-for-Windows-Share-Target",
"username": "example\\userA",
"password": "Password123",
"cert_name": "my-ssh-key.pem",
"cert_file": "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZB...",
"type": "Server"
}'
Network Storage Locations - Remote Access via SSH
To add a credential set for Remote Access via SSH Targets, define the following fields in the request body:
- label: A descriptive label for the Remote Access via SSH credential set.
- username: Remote host user name.
- password: Remote host user password, or passphrase for the private key (password protected). Leave blank if using a non-password protected private key.
- cert_name: Name of the private key file that is associated with the Remote Access via SSH Target host.
- cert_file: Base64 encoded string of the contents of the private key file.
- type: Server.
Sample Request
cURL
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
"label": "Credentials-for-Remote-SSH-Target",
"username": "root",
"password": "Password123",
"cert_name": "my-ssh-key.pem",
"cert_file": "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZB...",
"type": "Server"
}'
Box Inc
To add a credential set for Box Inc Targets, define the following fields in the request body:
- label: A descriptive label for the Box credential set.
- username: Not required for Box Targets.
- password: Not required for Box Targets.
- cert_name: Name of the JSON configuration file.
- cert_file: Base64 encoded string of the contents of the JSON configuration file.
- type: Box.
Sample Request
cURL
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
"label": "Credentials-for-Box-Target",
"cert_name": "example-app-box-domain.json",
"cert_file": "dGVuYW50aWQxMjM0NTY3OC1hYmNkLTkwMTItZWZnaC1pamts",
"type": "Box Inc"
}'
Google Cloud Storage
To add a credential set for Google Cloud Storage Targets, define the following fields in the request body:
- label: A descriptive label for the Google Cloud Storage credential set.
- username: Google Cloud Storage service account email address with access to the Google Cloud Storage project to be scanned.
- password: Not required for Google Cloud Storage Targets.
- cert_name: Name of the JSON private key file that is associated with the Google Cloud Storage service account.
- cert_file: Base64 encoded string of the contents of the JSON private key file.
- type: Google Cloud Storage.
Sample Request
cURL
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
"label": "Credentials-for-GCS-Project-ID",
"username": "enterprise-recon-sa@project-id.iam.gserviceaccount.com",
"cert_name": "my-project-id-private-key-file.json",
"cert_file": "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZB...",
"type": "Google Cloud Storage"
}'
Microsoft Office - Exchange Online
To add a credential set for Exchange Online Targets, define the following fields in the request body:
- label: A descriptive label for the Exchange Online credential set.
-
username: Client ID for the registered Enterprise Recon app.
-
password: Client Secret for the registered Enterprise Recon app.
-
cert_name: Tenant ID for the registered Enterprise Recon app.
-
cert_file: Base64 encoded string of the tenant ID for the registered Enterprise Recon app.
- type: Exchange Online.
Sample Request
cURL
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
"label": "Credentials-for-Exchange-Online-Target",
"username": "clientid1234abcd-56ef-78gh-90ij-1234",
"password": "clientsecretabcdefghij0123456789klmnopqrst0",
"cert_name": "tenantid12345678-abcd-9012-efgh-ijkl",
"cert_file": "dGVuYW50aWQxMjM0NTY3OC1hYmNkLTkwMTItZWZnaC1pamts",
"type": "Exchange Online"
}'
Microsoft Office - Microsoft OneNote
To add a credential set for Microsoft OneNote Targets, define the following fields in the request body:
- label: A descriptive label for the Microsoft OneNote credential set.
-
username: Client ID for the registered Enterprise Recon app.
-
password: Client Secret for the registered Enterprise Recon app.
-
cert_name: Tenant ID for the registered Enterprise Recon app.
-
cert_file: Base64 encoded string of the tenant ID for the registered Enterprise Recon app.
- type: Microsoft OneNote.
Sample Request
cURL
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
"label": "Credentials-for-Microsoft-OneNote-Target",
"username": "clientid1234abcd-56ef-78gh-90ij-1234",
"password": "clientsecretabcdefghij0123456789klmnopqrst0",
"cert_name": "tenantid12345678-abcd-9012-efgh-ijkl",
"cert_file": "dGVuYW50aWQxMjM0NTY3OC1hYmNkLTkwMTItZWZnaC1pamts",
"type": "Microsoft OneNote"
}'
Microsoft Office - Microsoft Teams
To add a credential set for Microsoft Teams Targets, define the following fields in the request body:
- label: A descriptive label for the Microsoft Teams credential set.
-
username: Client ID for the registered Enterprise Recon app.
-
password: Client Secret for the registered Enterprise Recon app.
-
cert_name: Tenant ID for the registered Enterprise Recon app.
-
cert_file: Base64 encoded string of the tenant ID for the registered Enterprise Recon app.
- type: Microsoft Teams.
Sample Request
cURL
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
"label": "Credentials-for-Microsoft-Teams-Target",
"username": "clientid1234abcd-56ef-78gh-90ij-1234",
"password": "clientsecretabcdefghij0123456789klmnopqrst0",
"cert_name": "tenantid12345678-abcd-9012-efgh-ijkl",
"cert_file": "dGVuYW50aWQxMjM0NTY3OC1hYmNkLTkwMTItZWZnaC1pamts",
"type": "Microsoft Teams"
}'
Microsoft Office - OneDrive Business
To add a credential set for OneDrive Business Targets, define the following fields in the request body:
- label: A descriptive label for the OneDrive Business credential set.
-
username: Client ID for the registered Enterprise Recon app.
-
password: Client Secret for the registered Enterprise Recon app.
-
cert_name: Tenant ID for the registered Enterprise Recon app.
-
cert_file: Base64 encoded string of the tenant ID for the registered Enterprise Recon app.
- type: OneDrive Business.
Sample Request
cURL
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
"label": "Credentials-for-OneDrive-Business-Target",
"username": "clientid1234abcd-56ef-78gh-90ij-1234",
"password": "clientsecretabcdefghij0123456789klmnopqrst0",
"cert_name": "tenantid12345678-abcd-9012-efgh-ijkl",
"cert_file": "dGVuYW50aWQxMjM0NTY3OC1hYmNkLTkwMTItZWZnaC1pamts",
"type": "OneDrive Business"
}'
Microsoft Office - SharePoint Online
To add a credential set for SharePoint Online Targets, define the following fields in the request body:
- label: A descriptive label for the SharePoint Online credential set.
- username: Client ID for the registered SharePoint Add-in.
- password: Client Secret for the registered SharePoint Add-in.
- cert_name: Tenant ID for the registered SharePoint Add-in.
- cert_file: Base64 encoded string of the tenant ID for the registered SharePoint Add-in.
- type: SharePoint Online.
Sample Request
cURL
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
"label": "Credentials-for-SharePoint-Online-Target",
"username": "clientid1234abcd-56ef-78gh-90ij-1234",
"password": "clientsecretabcdefghij0123456789klmnopqrst0",
"cert_name": "tenantid12345678-abcd-9012-efgh-ijkl",
"cert_file": "dGVuYW50aWQxMjM0NTY3OC1hYmNkLTkwMTItZWZnaC1pamts",
"type": "SharePoint Online"
}'
Salesforce
To add a credential set for Salesforce Targets, define the following fields in the request body:
- label: A descriptive label for the Salesforce credential set.
- username: Salesforce account with access to the Enterprise Recon connected app and minimum "Read" permissions for the Salesforce Objects to be scanned.
- password: Consumer Key for the Enterprise Recon connected app.
- cert_name: Name of the private key file.
- cert_file: Base64 encoded string of the contents of the private key file.
- type: Salesforce.
Sample Request
cURL
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
"label": "Credentials-for-Salesforce-Target",
"username": "admin@example.com",
"password": "1234567890.ConsumerKeyForTheEnterpriseReconConnectedApp...",
"cert_name": "er-salesforce.key",
"cert_file": "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZB...",
"type": "Salesforce"
}'