Testimonials
What our customers say about Team Password Manager

API: My Passwords

Current Team Password Manager version: 12.160.277

API v5

Sections: List passwords | Show a password | Create a password | Update a password | Move a password | Delete a password

Note: since v. 6.63.136 personal passwords can be disabled (see the ALLOW_PERSONAL_PASSWORDS parameter). If personal passwords are disabled any of the requests described in this page will be responded with the response code 403 FORBIDDEN and with the error message "Personal passwords are disabled".

List passwords

These return the personal passwords of the user (My Passwords). The returned data is the same as in the my passwords list in the web interface.

GET /my_passwords.json
GET /my_passwords/search/urlencoded_string.json (see notes below)

The responses from these requests are paginated and /count.json and /page/num.json can be used. See the section on pagination for more information. Example: GET /my_passwords/page/2.json

If successful, the response code is 200 OK with the results of the call in the response body.

Example response body:

[
 {
    "id": 1049,
    "name": "My website",
    "notes_snippet": "Some notes for my website",
    "tags": "personal,website",
    "access_info": "http:\/\/www.mywebsite.com\/admin",
    "username": "myuser",
    "email": "myemail@mywebsite.com",
    "has_password": true,
    "updated_on": "2015-03-11 21:54:35"
  },
...
]

Notes:

  • has_password is true if the password entry has the password datum filled in. To view it you need to use the show a password method.
  • You can use the search operators when searching for passwords.
  • You need to urlencode the "urlencoded_string" part.
  • Example (in PHP):
    $search_string = 'username:john'; // Find my passwords whose username is "john"
$search_string_urlencoded = urlencode($search_string);
$request_url = 'https://YOUR_TPM_URL/index.php/api/v5/my_passwords/search/' . $search_string_urlencoded . '.json';

Show a password

This method returns all the data of a password, identified by its internal id.

GET /my_passwords/ID.json

If successful, the response code is 200 OK with the results of the call in the response body.

Example response body:

{
  "id": "1049",
  "name": "My website",
  "tags": "personal,website",
  "access_info": "http:\/\/www.mywebsite.com\/admin",
  "username": "myuser",
  "email": "myemail@mywebsite.com",
  "password": "mypwd1234",
  "notes": "Some notes for my website",
  "created_on": "2015-03-11 21:54:35",
  "created_by": {
    "id": "1",
    "username": "john",
    "email_address": "john@teampasswordmanager.com",
    "name": "John Boss",
    "role": "Admin"
  },
  "updated_on": "2015-03-13 15:24:40",
  "updated_by": {
    "id": "1",
    "username": "john",
    "email_address": "john@teampasswordmanager.com",
    "name": "John Boss",
    "role": "Admin"
  }
}

Note: custom fields (introduced in v. 12.160.277) cannot be used with this version of the API.


Create a password

POST /my_passwords.json

The request body must include the data for the password. The only required fields is the name of the password:

{
  "name": "Name of the password",
  ...
}

If successful, the response code is 201 Created with the internal id of the password in the response body:

{
  "id": 123
}

The following fields can be used when creating a password: 'name' (required), 'tags' (list of comma separated strings), 'access_info', 'username', 'email', 'password', 'notes'.

Note: custom fields (introduced in v. 12.160.277) cannot be used with this version of the API.


Update a password

PUT /my_passwords/ID.json

The request body must include the data for the password. Only the fields that are included are updated, the other fields are left unchanged:

{
  "name": "Changed name of the password",
  "tags": "tag1,tag2,tag3",
  ...
}

If successful, the response code is 204 No content and the response body is empty.

The following fields can be used when updating a password: 'name', 'tags' (list of comma separated strings), 'access_info', 'username', 'email', 'password', 'notes'. The 'name' field, if used, cannot be empty.

Note: custom fields (introduced in v. 12.160.277) cannot be used with this version of the API.


Move a password

Move a password to a project.

PUT /my_passwords/ID/move.json

The request body must include the ID of the target project:

{
  "project_id": 123
}

Note: project_id cannot be 0.

When moving a personal password to a project, a shared password is created and the personal password is deleted.

If successful, the response code is 201 Created with the internal id of the shared password in the response body:

{
  "id": 321
}

Note: custom fields and files (introduced in v. 12.160.277) in the password will be moved too when moving the personal password to a project.


Delete a password

DELETE /my_passwords/ID.json

This deletes the password.

If successful, the response code is 204 No content and the response body is empty.

Note: since v. 12.143.260, the password is moved to the personal Trash Bin.

Document changelog

Feb 15, 2024: Notes on custom fields and files.
May 30, 2023: Since v. 12.143.260, when deleting a password, it's moved to the personal Trash Bin.
Nov 12, 2021: Document created
Questions or Problems? Please contact our support department