UAG - Secret Checkout and Checkin


Data Structures

Checkout Object Specification

CheckoutModel

Attribute

Type

Required

Description

account_id

string

yes

Account of which secret is retrieved.

session_id

string

When checkout session is ongoing, it can be reused.

reason

string

Reason to checkout secret. Required when login_reason is set in the safe.

force

boolean; default value true

Overrides exclusive checkout limit if configured.

Retrieve Available Attributes of the CheckoutModel

Request

Method

GET

Path

/api/v2/objspec/checkout

GET /api/v2/objspec/checkout

Example Request

curl -s -k -X GET \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  'https://10.0.214.98/api/v2/objspec/checkout'

Checkin Object Specification

CheckinModel

Attribute

Type

Required

Description

session_id

string

yes

Checkout session ID to stop.

Retrieve Available Attributes of the CheckinModel

Request

Method

GET

Path

/api/v2/objspec/checkin

GET /api/v2/objspec/checkin

Example Request

curl -s -k -X GET \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  'https://10.0.214.98/api/v2/objspec/checkin'

Checkout Secret

Request

Method

POST

Path

/api/v2/secret/checkout

Headers

Content-Type: application/json

Body

CheckoutModel

POST /api/v2/secret/checkout

Example Request

curl -s -k -X POST \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  -H 'Content-Type: application/json' \
  https://10.0.0.1/api/v2/secret/checkout \
  -d '{"account_id": "8169529724050079750", "reason": "emergency","force":false}'

Note

  • The reason field is optional and depends on the safe configuration. If not required, you can pass "reason": null.

  • The force flag allows you to override exclusive checkout restrictions. If set to false and the password is already checked out, the system will wait until it is returned. To bypass this, set force to true.

Response

{
    "status": "approved",
    "session_id": "8169529724050079755",
    "timeout": null,
    "confirmation_timeout": null,
    "reason": null,
    "pwd": "password",
    "login": "Administrator",
    "domain": null,
    "result": "success"
}

Note

  • In the following response, the password was revealed as "pwd": "password" and checkout session ID as "session_id": "8169529724050079755".

  • If there is a Password checkout time limit set for this specific account, the timeout will present the time (in seconds) after which the password is returned automatically (e.g., "timeout": 1800).

  • If the Require approval option is enabled in the safe configuration, the confirmation_timeout specifies the timeframe (in minutes) within which authorized users can approve or reject the access request.

Repeat Checkout in the Same Session

Note

This scenario is used if the Require approval option is enabled in the safe configuration. After the administrator approves the access request, the request must be sent once more with the session_id number included to reveal the password.

Example Request

curl -s -k -X POST \
  -H 'Authorization: sgfeea6jsaz4mum9su8w6' \
  -H 'Content-Type: application/json' \
  https://10.0.0.1/api/v2/secret/checkout \
  -d '{"account_id": "8169529724050079750", "reason": "emergency","force":false,"session_id": "8169529724050079755"}'

Response

{
    "status": "approved",
    "session_id": "8169529724050079755",
    "timeout": null,
    "confirmation_timeout": null,
    "reason": null,
    "pwd": "password",
    "login": "Administrator",
    "domain": null,
    "result": "success"
}

Checkin Secret

To checkin the secret use sesion_id obtained in the checkout response.

Request

Method

POST

Path

/api/v2/secret/checkin

Headers

Content-Type: application/json

Body

CheckinModel

POST /api/v2/secret/checkin

Example Request

curl -s -k -X POST \
-H 'Authorization: sgfeea6jsaz4mum9su8w6' \
-H 'Content-Type: application/json' \
https://10.0.0.1/api/v2/secret/checkin \
-d '{"session_id": "8169529724050079755"}'

Response

{
    "result": "success"
}