Cannot add target accounts for password view using the PUT /api.php/v1/policies.json/{userOrGroupId}/{deviceOrGroupId} resource
search cancel

Cannot add target accounts for password view using the PUT /api.php/v1/policies.json/{userOrGroupId}/{deviceOrGroupId} resource


Article ID: 193876


Updated On:


CA Privileged Access Manager (PAM)


We are trying to add password view to access policies using the Rest API. We used the GET /api.php/v1/policies.json/{id} resource to see an example of an existing policy with an account configured for password view. It comes back with information like the following:


"targetAccounts": [ { "applicationName": "ApiKey", "applicationId": "1006", "accountName": "rprestapiuser-11806001", "accountId": "487001" } ],


But when we try to use this syntax in the PUT /api.php/v1/policies.json/{userOrGroupId}/{deviceOrGroupId} call, we get error

Bad Request: Invalid id specified for `policy.targetAccounts[0]`. Expecting integer value


Release : Any support PAM release



The result of the GET call is processed to provide recognizable information on the configured accounts, including the target application and account names. But the PUT resource does not interpret such a structure, it just expects a list of target account IDs.


Use the syntax documented on the Settings > Api Docs page under the PUT /api.php/v1/policies.json/{userOrGroupId}/{deviceOrGroupId} resource:

targetAccounts : Array - the list of target account ids offered by the specified device whose usernames and passwords the user can view.

Ex: "targetAccounts": [1001,1002,1003]


Here is a curl command example allowing the user with ID 11806001 access to the target accounts with IDs 487001 and 20235001 on the device with ID 5 for password view:

curl -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ \ 
   "targetAccounts": [487001,20235001] \ 
 } \ 
 ' ''


Note that this sets the list of target accounts rather than adding it, i.e. any previously configured target account that is not in the new list will no longer be accessible for password view.


To add target accounts to an existing policy, rather than publishing a new list of target accounts, use POST methods

POST /api.php/v1/policies.json/{id}/targetAccounts
POST /api.php/v1/policies.json/{userOrGroupId}/{deviceOrGroupId}/targetAccounts

For these resources the request body is just a list of target accounts, such as [487001] or [487001,20235001]. Note that the call will fail if one of the accounts is configured in the policy already, and no IDs will be added in that case.


curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '[487001]' ''