The SAP IQ API lets you list, create, update and delete SAP IQ authentication records for compliance scans (using PC). User permissions for this API are the same as other authentication record APIs.
Use these parameters to create or update SAP IQ authentication records.
|
Parameter |
Required/Optional |
Data Type |
Description |
|---|---|---|---|
|
action={action} |
Required | String |
Specify create, update, delete (using POST) or list (using GET or POST). See List Auth Records for type |
|
echo_request={0|1} |
Optional | Integer |
Specify 1 to view (echo) input parameters in the XML output. By default these are not included. |
|
ids={value} |
Required to update or delete record | Integer |
Record IDs to update/delete. Specify record IDs and/or ID ranges (for example, 1359-1407). Multiple entries are comma separated. |
|
title={value} |
Required to create record | String |
A title for the record. The title must be unique. Maximum 255 characters (ascii). |
|
comments={value} |
Optional to create or update record | String |
User defined comments. Maximum of 1999 characters. |
|
SAP IQ |
|||
|
database={value} |
Required to create request | Integer |
The database name to authenticate to. |
|
port={value} |
Required to create request | Integer |
The port the database is running on. |
|
installation_dir={value} |
Required for create request when this record will be used for scanning Unix hosts | Path |
The database installation directory for scanning Unix hosts. |
| resource_id | Optional | Integer | Specify resource id for a Hitachi ID PAM authentication record. |
|
Login Credentials |
|||
|
username={value} |
Required for create request | String |
The username of the account to be used for authentication. If password is specified this is the username of a SAP IQ account. If login_type=vault is specified, this is the username of a vault account. Maximum 255 characters (ascii). |
|
password={value} |
For create request, password or login_type=vault is required | Alphanumeric |
The password of the SAP IQ account to be used for authentication. Maximum 100 characters (ascii). |
|
password_encryption={0|1} |
Optional to create or update record | Integer |
Enable this option when your database instance requires an encrypted password for successful login. If password encryption is required and you do not enable this option then authentication will fail. When set to 1, password encryption is enabled in the record. When set to 0 (the default), password encryption is not enabled. |
|
Vault |
|||
|
login_type={basic|vault} |
For create request, password or login_type=vault is required | Boolean |
Login type can be basic (default) or vault. Set to vault if a third party vault will be used to retrieve the password. Vault parameters need to be provided in the record. See “Vault Definition” in the API user guide. |
|
vault_id={value} |
Required if login_type=vault | Integer |
The ID of the vault to be used to retrieve the password for login. |
|
vault_type={value} |
Required if login_type=vault | String |
The third party vault to be used to retrieve the password for login. Certain vaults support this capability. See “Vault Support Matrix” in the API user guide. |
|
{vault parameters} |
Required only when action=create and login_type=vault | Integer |
Vault specific parameters required depend on the vault type you've selected. See Vault Parameters |
|
Target Hosts |
|||
|
ips={value} |
Required to create record | Integer |
The IP address(es) the server will log into using the record’s credentials. Multiple entries are comma separated. (Optional to update record) IPs specified will overwrite existing IPs in the record, and existing IPs will be removed. This parameter and the add_ips parameter or the remove_ips parameter cannot be specified in the same request. |
|
add_ips={value} |
Optional to update record | Integer |
Add IPs and/or ranges to the IPs list for this record. Multiple IPs/ranges are comma separated. This parameter and the ips parameter cannot be specified in the same request. |
|
remove_ips={value} |
Optional to update record | Integer |
IPs to be removed from your record. You may enter a combination of IPs and ranges. Multiple entries are comma separated. This parameter and the ips parameter cannot be specified in the same request. |
|
network_id={value} |
Optional to create or update record, and valid when the networks feature is enabled | Integer |
The network ID for the record. |
API Request
curl -H 'X-Requested-With:curl demo2' -u "xx:xxxx" -d"action=create&title=sapiq_API_vault&login_type=vault&username=test&vault_type=Hitachi IDPAM&vault_id=1358790&resource_id=rid12&ips=1.1.1.1&port=333&database=db""<qualys_base_url>/api/2.0/fo/auth/sapiq/"
XML Output
"<?xml version=""1.0"" encoding=""UTF-8"" ?> <!DOCTYPE BATCH_RETURN SYSTEM ""<qualys_base_url>/api/2.0/batch_return.dtd""> <BATCH_RETURN> <RESPONSE> <DATETIME>2023-11-30T06:40:57Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Created</TEXT> <ID_SET> <ID>3797828</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>"
Use these parameters to list SAP IQ authentication records.
|
Parameter |
Required/Optional |
Data Type |
Description |
|---|---|---|---|
|
action={action} |
Required | String |
Specify list (using GET or POST) to list records. |
|
details={value} |
Optional | Boolean |
Default value is Basic. You can choose from None, Basic, and All. |
|
ids={value} |
Optional | Integer |
SAP IQ auth record IDs to list. Specify record IDs and/or ID ranges (for example, 1359-1407). Multiple entries are comma separated. |
API Request
curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl' -d "action=list&details=All""https://<qualys_base_url>/api/2.0/fo/auth/sapiq/"
XML Output
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE AUTH_SAPIQ_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/2.0/fo/auth/sapiq/auth_sapiq_list_output.dtd"> <AUTH_SAPIQ_LIST_OUTPUT> <RESPONSE> <DATETIME>2020-12-11T18:02:56Z</DATETIME> <AUTH_SAPIQ_LIST> <AUTH_SAP_IQ> <ID>4423387</ID> <TITLE><![CDATA[sap_iq_api_2]]></TITLE> <USERNAME><![CDATA[dba]]></USERNAME> <IP_SET> <IP>10.11.70.54</IP> </IP_SET> <DATABASE><![CDATA[iqdemo]]></DATABASE> <PORT>2638</PORT> <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE> <NETWORK_ID>0</NETWORK_ID> <CREATED> <DATETIME>2020-12-11T06:24:15Z</DATETIME> <BY>joe_user</BY> </CREATED> <LAST_MODIFIED> <DATETIME>2020-12-11T06:24:15Z</DATETIME> </LAST_MODIFIED> </AUTH_SAP_IQ> <AUTH_SAP_IQ> <ID>4423518</ID> <TITLE><![CDATA[sap_iq_api_3]]></TITLE> <USERNAME><![CDATA[dba]]></USERNAME> <IP_SET> <IP>10.11.70.52</IP> </IP_SET> <DATABASE><![CDATA[iqdemo]]></DATABASE> <PORT>2638</PORT> <INSTALLATION_DIR><![CDATA[test]]></INSTALLATION_DIR> <PASSWORD_ENCRYPTION><![CDATA[1]]></PASSWORD_ENCRYPTION> <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE> <NETWORK_ID>0</NETWORK_ID> <CREATED> <DATETIME>2020-12-11T12:35:12Z</DATETIME> <BY>joe_user</BY> </CREATED> <LAST_MODIFIED> <DATETIME>2020-12-11T12:35:12Z</DATETIME> </LAST_MODIFIED> </AUTH_SAP_IQ> </AUTH_SAPIQ_LIST> <GLOSSARY> <USER_LIST> <USER> <USER_LOGIN>joe_user</USER_LOGIN> <FIRST_NAME>Joe</FIRST_NAME> <LAST_NAME>User</LAST_NAME> </USER> </USER_LIST> </GLOSSARY> </RESPONSE> </AUTH_SAPIQ_LIST_OUTPUT>
Use the following parameter to delete one or more SAP IQ authentication records.
|
Parameter |
Required/Optional |
Data Type |
Description |
|---|---|---|---|
|
ids={value} |
Required to delete record | Integer |
SAP IQ auth record IDs to delete. Specify record IDs and/or ID ranges (for example, 1359-1407). Multiple entries are comma separated. |
API Request
curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl' -d "action=delete&ids=4423386" "https://<qualys_base_url>/api/2.0/fo/auth/sapiq/"
XML Output
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2020-12-11T12:09:25Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Deleted</TEXT> <ID_SET> <ID>4423386</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>
API Request
curl -H 'X-Requested-With:curl demo2' -u "xx:xxxx" -d"action=update&title=sapiq_API_vault_update&login_type=vault&vault_type=Hitachi ID PAM&vault_id=1358790&resource_id=rid12_update&ids=3797828""<qualys_base_url>/api/2.0/fo/auth/sapiq/"
XML Output
"<?xml version=""1.0"" encoding=""UTF-8"" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
""<qualys_base_url>/api/2.0/batch_return.dtd"">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2023-11-30T06:44:27Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>3797828</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>"
API Request
curl -H 'X-Requested-With:curl demo2' -u "vsh_sm:Qatemp123#" -d"action=list&ids=3797828""<qualys_base_url>/api/2.0/fo/auth/sapiq/"
XML Output
"<?xml version=""1.0"" encoding=""UTF-8"" ?>
<!DOCTYPE AUTH_SAPIQ_LIST_OUTPUT SYSTEM
""<qualys_base_url>/api/2.0/fo/auth/sapiq/auth_sapiq_list_output.dtd"">
<AUTH_SAPIQ_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2023-11-30T06:46:26Z</DATETIME>
<AUTH_SAPIQ_LIST>
<AUTH_SAP_IQ>
<ID>3797828</ID>
<TITLE><![CDATA[sapiq_API_vault_update]]></TITLE>
<USERNAME><![CDATA[test]]></USERNAME>
<IP_SET>
<IP>1.1.1.1</IP>
</IP_SET>
<DATABASE><![CDATA[db]]></DATABASE>
<PORT>333</PORT>
<LOGIN_TYPE><![CDATA[vault]]></LOGIN_TYPE>
<DIGITAL_VAULT>
<DIGITAL_VAULT_ID><![CDATA[1358790]]></DIGITAL_VAULT_ID>
<DIGITAL_VAULT_TYPE><![CDATA[Hitachi ID
PAM]]></DIGITAL_VAULT_TYPE>
<DIGITAL_VAULT_TITLE><![CDATA[Hitachi ID PAM
vault]]></DIGITAL_VAULT_TITLE>
<VAULT_RESOURCE_ID><![CDATA[rid12_update]]></VAULT_RESOURCE_ID>
</DIGITAL_VAULT>
<CREATED>
<DATETIME>2023-11-30T06:40:57Z</DATETIME>
<BY>vsh_sm</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2023-11-30T06:44:27Z</DATETIME>
</LAST_MODIFIED>
</AUTH_SAP_IQ>
</AUTH_SAPIQ_LIST>
</RESPONSE>
</AUTH_SAPIQ_LIST_OUTPUT>
<platform API server>/api/2.0/batch_return.dtd
<platform API server>/api/2.0/fo/auth/sapiq/auth_sapiq_list_output.dtd