You are trying to use the Rest API to add access policies that include RDP transparent logon, with multiple accounts available for selection for logon to the RDP server, and for access to the RDP application. You are looking for a sample body for the "POST /api.php/v1/policies.json/{userOrGroupId}/{deviceOrGroupId}" call.
The following sample body creates a policy that offers three choices for the account used to logon to the RDP server ("accountIds"), three choices for transparent logon to the RDP application ("credentials") and also adds direct password view on the access page for three accounts ("targetAccounts"). In this example the list of account IDs is the same, but they could be different. This policy also enables graphical session recording.
{
"services": [
{
"serviceId": "15001",
"name": "SQL Management Studio",
"accountIds": ["2227001","44001","57001"],
"ssoWindows": [
{
"winId": "1",
"winTitle": "Connect To Server",
"credentials": ["2227001","44001","57001"]
}
]
}
],
"targetAccounts": ["2227001","44001","57001"],
"graphicalRecording": "t",
"transparentLogin": "t"
}
Target account IDs can be obtained from Rest API call "GET /api.php/v1/devices.json/{deviceId}/targetApplications/{applicationId}/targetAccounts" using the account name as a filter, with the target application ID retrieved using "GET /api.php/v1/devices.json/{id}/targetApplications" (filter on application name) and the device ID from "GET /api.php/v1/devices.json" (filter on device name).
The service ID, winId and winTitle parameters can be obtained using Rest API call "GET /api.php/v1/services.json" with type "RDPApplication" and filtering by service name. Sample request URL:
https://<pam server>/api.php/v1/services.json?type=RDPApplication&sortBy=%2BserviceName&limit=0&searchRelationship=AND&fields=*&serviceName=SQL
Output from this command:
{
"totalRows": "1",
"services": [
{
"comments": "",
"serviceName": "SQL Management Studio",
"enabled": "t",
"hideFromUser": "f",
"serviceId": "15001",
"launchPath": "\"C:\\Program Files (x86)\\Microsoft SQL Server Management Studio 19\\Common7\\IDE\\ssms.exe\"",
"secssoEnabled": "t",
"hashSum": "",
"secssoWindows": [
{
"id": "1",
"title": "Connect To Server",
"rdpSession": "f",
"ssoconfID": "2"
}
]
}
]
}
Note that the parameter names, such as serviceName vs name, id vs winId and title vs winTitle, are somewhat different, but easy to correlate. Using a "GET /api.php/v1/policies.json/{id}" call for an existing similar policy as the ones you are trying to create will show what parameter names the policies REST API resources use.