Testimonials
What our customers say about Team Password Manager

API v1: Passwords

Current Team Password Manager version: 12.162.284

API v1

Sections: List passwords | Show a password | List of users who can access a password | Create a password | Update a password | Update security of a password | Update custom fields definitions of a password | Delete a password


List passwords

These return the passwords that the user has access to. The returned data is the same as in the passwords lists (all active, archived, favorite and search) in the web interface.

GET /passwords.json
GET /passwords/archived.json
GET /passwords/favorite.json
GET /passwords/search/urlencoded_string.json

The responses from these requests are paginated and /count.json and /page/num.json can be used. See the section on pagination for more information. Example: GET /passwords/page/2.json

If successful, the response code is 200 OK with the results of the call in the response body.

Example response body:

[
  {
    "id": 68,
    "name": "Wordpress admin",
    "project": {
      "id": 12,
      "name": "www.fictionalgadgetsite.com"
    },
    "notes_snippet": "some notes\nother notes",
    "tags": "wordpress",
    "access_info": "http:\/\/www.fictionalgadgetsite.com\/wp-admin",
    "username": "admin_sg",
    "email": "",
    "archived": false,
    "favorite": true,
    "num_files": 1,
    "updated_on": "2014-07-23 18:18:28"
  },
  {
    "id": 175,
    "name": "Sample password",
    "project": {
      "id": 12,
      "name": "www.fictionalgadgetsite.com"
    },
    "notes_snippet": "Some notes \nAnother line of the notes",
    "tags": "tag1,tag2",
    "access_info": "https:\/\/www.google.com",
    "username": "thisisausername",
    "email": "ferran@ferranbarba.com",
    "archived": false,
    "favorite": true,
    "num_files": 0,
    "updated_on": "2014-07-23 18:18:06"
  },
...
]

Note: you can use the search operators when searching for passwords. Just remember to urlencode the search string.


Show a password

This method returns all the data of a password, identified by its internal id.

GET /passwords/ID.json

If successful, the response code is 200 OK with the results of the call in the response body.

Example response body:

{
  "id": 68,
  "name": "Wordpress admin",
  "project": {
    "id": 12,
    "name": "www.fictionalgadgetsite.com"
  },
  "tags": "wordpress",
  "access_info": "http:\/\/www.fictionalgadgetsite.com\/wp-admin",
  "username": "admin_sg",
  "email": "",
  "password": "8!Lc2_q6#\/Ys0|a9\"(Qd",
  "notes": "some notes\nother notes",
  "custom_field1": {
    "type": "Text",
    "label": "Custom 1",
    "data": "prova"
  },
  "custom_field2": {
    "type": "Password",
    "label": "Custom 2",
    "data": "3$Uh1#o4\/Tq2!&5=w7>j"
  },
  "custom_field3": null,
  "custom_field4": null,
  "custom_field5": null,
  "custom_field6": null,
  "custom_field7": null,
  "custom_field8": null,
  "custom_field9": null,
  "custom_field10": null,
  "everyone_has_access": false,
  "users_access": [
    {
      "id": 9,
      "username": "jake",
      "email_address": "jake@externalorg.com",
      "name": "Jake Brown",
      "role": "Read only"
    },
    {
      "id": 23,
      "username": "fbm",
      "email_address": "fbm@teampasswordmanager.com",
      "name": "Ferran Barba",
      "role": "Normal user"
    }
  ],
  "groups_access": [
    {
      "id": 3,
      "name": "External users"
    },
    {
      "id": 7,
      "name": "Read Only Users"
    }
  ],
  "archived": false,
  "favorite": true,
  "num_files": 1,
  "managed_by": {
    "id": 1,
    "username": "john",
    "email_address": "john@teampasswordmanager.com",
    "name": "John Boss",
    "role": "Admin"
  },
  "created_on": "2014-06-05 16:35:19",
  "created_by": {
    "id": 1,
    "username": "john",
    "email_address": "john@teampasswordmanager.com",
    "name": "John Boss",
    "role": "Admin"
  },
  "updated_on": "2014-07-23 19:19:16",
  "updated_by": {
    "id": 1,
    "username": "john",
    "email_address": "john@teampasswordmanager.com",
    "name": "John Boss",
    "role": "Admin"
  }
}

List users who can access a password

This method returns the users that have access to a password, identified by its internal id. This call shows similar data as the "Security" tab of a password.

GET /passwords/ID/security.json

If successful, the response code is 200 OK with the results of the call in the response body.

Example response body:

[
  {
    "user": {
      "id": 18,
      "username": "alan",
      "email_address": "Alan.Hall@teampasswordmanager.com",
      "name": "Alan Hall",
      "role": "Normal user"
    },
    "access_type": "Read"
  },
  {
    "user": {
      "id": 3,
      "username": "claire",
      "email_address": "claire@teampasswordmanager.com",
      "name": "Claire Wood",
      "role": "Project manager"
    },
    "access_type": "Manage"
  },
...
]

Create a password

POST /passwords.json

The request body must include the data for the password. The required fields are the name and the id of the project the password is to be created in:

{
  "name": "Name of the password",
  "project_id": 21,
  ...
}

If successful, the response code is 201 Created with the internal id of the password in the response body:

{
  "id": 345
}

The following fields can be used when creating a password: 'name' (required), 'project_id' (required), 'tags' (list of comma separated strings), 'access_info', 'username', 'email', 'password', 'notes', 'custom_data1', 'custom_data2', 'custom_data3', 'custom_data4', 'custom_data5', 'custom_data6', 'custom_data7', 'custom_data8', 'custom_data9', 'custom_data10'.

Notes: custom data fields are allowed even if custom fields are not defined (their type is text by default).


Update a password

PUT /passwords/ID.json

The request body must include the data for the password. Only the fields that are included are updated, the other fields are left unchanged:

{
  "name": "Changed name of the password",
  "tags": "tag1,tag2,tag3",
  ...
}

If successful, the response code is 204 No content and the response body is empty.

The following fields can be used when updating a password: 'name', 'tags' (list of comma separated strings), 'access_info', 'username', 'email', 'password', 'notes', 'custom_data1', 'custom_data2', 'custom_data3', 'custom_data4', 'custom_data5', 'custom_data6', 'custom_data7', 'custom_data8', 'custom_data9', 'custom_data10'.

Notes: custom data fields are allowed even if custom fields are not defined (their type is text by default). The 'name', if present, cannot be empty.


Update the security of a password

PUT /passwords/ID/security.json

The request body must include the data for the password. Only the fields that are included are updated, the other fields are left unchanged:

{
  "managed_by": 3,
  "users_access": [4,5,6],
  "groups_access": [] // deletes access to groups
}

If successful, the response code is 204 No content and the response body is empty.

The following fields can be used when updating a password's security: 'managed_by' (user id), 'users_access' (array of user ids), 'groups_access' (array of group ids).

Notes: 'managed_by', if present, cannot be 0. To delete access to users/groups set the corresponding fields to an empty array.

To get the users in your Team Password Manager installation you can use GET /users.json and the groups GET /groups.json.


Update custom fields definitions of a password

PUT /passwords/ID/custom_fields.json

The request body must include the data for the password. Only the fields that are included are updated, the other fields are left unchanged:

{
  "custom_label1": "MySQL user",
  "custom_type1": "text",
  "custom_label2": "MySQL password",
  "custom_type2": "password",
  ...
}

If successful, the response code is 204 No content and the response body is empty.

The following fields can be used when updating a password's custom fields definitions: custom_labelX, custom_typeX (X=1..10).

Allowed custom types (case insensitive): 'Text', 'Encrypted text', 'E-mail' or 'email, 'Password', 'Notes', 'Encrypted notes'.

Notes: to delete the definition of a custom field set custom_typeX to an empty string. Deleting the definition of a custom field doesn't delete its data, but it may uncrypt it. No data is passed here, only definition.


Delete a password

DELETE /passwords/ID.json

This deletes the password, its files, etc.

If successful, the response code is 204 No content and the response body is empty.


Questions or Problems? Please contact our support department