New User Console "/pam" has been added in PAM 3.5:
Enhancements to REST API have been made including Credential Vault Management in PAM 3.5:
I recommend upgrading to PAM 3.5 / 3.6 as there has been many great enhancements made to the product.
However, in PAM 3.2, the following REST API Guide is available detailing all available at that time ("Add or Modify Credential"):
Thanks. But, if you look at #11 (Add or Modify Vault), in the REST API Guide, the curl command example uses "pum_rest_auth" for authentication. Where does the value for this variable come from? This variable is used in other curl examples but no information is provided on how to generate the variable's value.
That is the token needed to authenticate the request. The documentation has improved here in more recent releases of PAM and has a built-in with a "Try it Out" dashboard for the REST API.
There are a couple options in PAM 3.2 for authentication:
1) Basic Auth - provide on every curl command to set the "basic auth" username & password, which re-authenticates every time. From curl documentation, this can be done with -u, --user <user:password>. With this approach, you won't need to reference the "pum_rest_auth" part of the curl command examples.
2) Authenticate with PAM and retrieve the pum_rest_auth from the "Set-Cookie" HTTP response. To do so, you'll need to call the REST API "/rest/auth/Login" and then use the Cookie it returns in subsequent requests. Adding "-v, --verbose" to the curl will reveal this. There are other approaches to handle auth cookies built into curl. To obtain the cookie with verbose mode, something like the following:
curl -v --insecure -u <user:password> "">localhost/.../Login"
Look for "< Set-Cookie: pum_rest_auth=..."
We looked into upgrading to 3.5/3.6 but because the consoles are being upgraded to HTML5 in a piecemeal fashion, admins have to work with the older and newer consoles, rather than one seamless experience. We can currently do everything we need with 3.2 so we plan to hold off on upgrading until all of the consoles we normally use are upgraded. Of course, if support for 3.2 ends, then we'll be forced to upgrade.