Website logo
⌘K
Technical documentation
Installation manuals
Technical requirements
Standard installation on Linux
Standard installation on Windows Server
Manual installation on Linux
Manual installation on Windows Server
Administration
Migration to Passwork 6
How to update Passwork
Configuring background tasks
Mapping LDAP security groups with roles in Passwork
Mobile applications
Configuring SMTP for Windows Server
What to do in case of errors
About config.ini
Emergency mode
Import from Bitwarden via API
API 4.0
Linux
MongoDB
Legacy
Updates
Help center
Docs powered by Archbee
Website logo
Help center
Legacy
Passwork 4

Passwork Legacy API Reference

7min

The API provides access to the basic features and allows you to integrate Passwork in your infrastructure or develop your own client.

General

  1. Data is sent by HTTP POST requests
  2. API End Point — https:///api3/
  3. API uses JSON format
  4. We strongly recommend to use an HTTPS connection

Server reply

Shell
{
    'response' : { ... },
    'errorCode' : '...',
    'errorMessage' : '...'
}


In case of an error, response is false.

All further examples relate to response field.

Open session

/api3/openSession

Creates a new session. Returns a session code, which has to be passed with each request. The session is automatically expired each few minutes.

POST parameters:

email — User e-mail (login)

password — Authorization password

Server reply:

Success

Shell
{
    'code' : '...', // session code
    'hash' : '...'  // sha256 (or md5 for old versions) hash of a master password
}


Field сode has to be passed with each further request to the API.Field hash helps to check if the master password is correct.

Errors:

response = false

Wrong login or password.

errorCode = ban

User is banned due to repeated failed attempts to open a new session.

Get vaults and folders

/api3/getGroups

Gets all vaults with folders (but without passwords).

Parameters:

session — Session code

Server reply:

Data

Shell
{
   "response":[
      {
         "groupId":"5d52d812b05d4b49ea05faf2",
         "name":"Vault 1",
         "passwordCrypted":"....",
         "access":"admin",
         "categories":[

         ],
         "scope":"user",
         "id":"5d52d812b05d4b49ea05faf2"
      },
      {
         "groupId":"5d41b39fb05d4b07214bcff2",
         "name":"Vault 2",
         "passwordCrypted":"....",
         "access":"admin",
         "categories":[
            {
               "groupId":"5d41b39fb05d4b07214bcff2",
               "name":"Folder",
               "ancestors":[

               ],
               "id":"5d53ffabb05d4b5fce177903",
               "level":0,
               "hasChild":true,
               "categories":[
                  {
                     "groupId":"5d41b39fb05d4b07214bcff2",
                     "name":"Subfolder",
                     "parentId":"5d53ffabb05d4b5fce177903",
                     "ancestors":[
                        "5d53ffabb05d4b5fce177903"
                     ],
                     "id":"5d53ffbbb05d4b5fc5676c15",
                     "level":1,
                     "hasChild":false,
                     "categories":[

                     ]
                  }
               ]
            }
         ],
         "scope":"domain",
         "visible":true,
         "domainMaster":"....",
         "id":"5d41b39fb05d4b07214bcff2"
      },
      {
         "groupId":"5d4d6a0fb05d4b66146f5262",
         "name":"Private Vault",
         "passwordCrypted":"....",
         "access":"admin",
         "categories":[

         ],
         "scope":"domain",
         "visible":true,
         "domainMaster":"....",
         "id":"5d4d6a0fb05d4b66146f5262"
      }
   ]
}


Errors:

Shell
{
    'response' : false,
    'errorCode' : 'expired',
    'errorMessage' : 'Session expired'
}


Session is expired. Needs opening a new session using openSession.

Get passwords

/api3/getPasswords

Get passwords from particular folder

POST parameters::

session — Session code

groupdId — Vault ID

categoryId — Folder ID

Shell
{ 
   "response":[ 
      { 
         "name":"Password name",
         "login":"Login",
         "cryptedPassword":"...",
         "url":"",
         "groupId":"5d41b39fb05d4b07214bcff2",
         "attachments":[ ],
         "id":"5d41b3a7b05d4b079112c2b2",
         "tags":[ ]
      }
   ]
}


How to decrypt passwords

JavaScript-style pseudo-code.

Shell
var decode = function(data, pwd) {
/*
	If a client side encyption is enabled.
	The client side encryption is always enabled for the SaaS passwork.me.
  The client side encryption is disabled by default for a self-hosted edition.

  creds.crypto — master password of a particular user
*/
        if(creds.encryption)
        {
            pwd = pwd ? pwd : creds.crypto;
						return CryptoJS.AES.decrypt(base32.decode(data), pwd).
							toString(CryptoJS.enc.Utf8);
        }

/*
	If the client side encryption is disabled then the data is just encoded with Base64
*/        
		    return base64decode(data);
}

/*
data — password object loaded from the API
group — vault object loaded from the API
*/
var parsePassword = function(data, group) {

        var groupPassword = false;
/*
group.scope === 'user' — Private vault
group.scope === 'domain' — Organization vault

Organization vault is a feature of a self hosted edition. It's not avaiabled for SaaS. 
*/
        if(group.scope === 'user'){
            groupPassword = decode(group.passwordCrypted);
        }else{
            var domainPassword = decode(group.domainMaster);
            groupPassword = decode(group.passwordCrypted, domainPassword);
        }

/*
Inject methods to decrypt the password.
*/
        data.getPassword = function() {
            return decode(this.cryptedPassword, groupPassword);
        }

        data.getCustom = function() {
            if (!data.custom)
                return [];

            return this.custom.map(function(el) {
                return {
                    'name': decode(el.name, groupPassword),
                    'value': decode(el.value, groupPassword)
                };
            });
        }
		
		return data;
}


API limitations

The API works in read-only mode.

Updated 22 Nov 2023
Did this page help you?
PREVIOUS
Passwork 4
NEXT
Docker
Docs powered by Archbee
TABLE OF CONTENTS
Open session
Get vaults and folders
Get passwords
How to decrypt passwords
API limitations
Docs powered by Archbee