Merge pull request #163 from netwrix/change-tracker/add-creds-endpoint-docs

jtviolet · web-flow · commit bca0e91fabf0 · 2025-08-27T07:34:25.000-04:00
diff --git a/docs/changetracker/8.1/integration/api/credentials.md b/docs/changetracker/8.1/integration/api/credentials.md
@@ -0,0 +1,161 @@
+---
+title: "Credentials"
+description: "Credentials API for managing authentication credentials in ChangeTracker"
+sidebar_position: 10
+---
+
+# Credentials
+
+## Overview
+
+The Credentials API allows you to manage authentication credentials used by ChangeTracker to connect to various systems and services. This API provides endpoints for creating, retrieving, updating, and deleting credentials for different credential types including Shell, Database, FTP, Cloud, ESX, ITSM, and Splunk.
+
+Credentials are identified by a unique key and include various parameters specific to the credential type. The API requires authentication and the `CredentialsManage` permission to perform operations.
+
+## Endpoints
+
+### Get Credentials
+
+Retrieves credentials for a specified type and key.
+
+**HTTP Request**
+```
+GET /credentials
+```
+
+**Query Parameters**
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| key | string | Yes | Unique identifier for the credentials |
+| type | string | Yes | Type of credentials (Shell, Database, FTP, Cloud, ESX, ITSM, Splunk) |
+
+**Response**
+Returns a Credentials object with the following properties:
+
+```json
+{
+  "Version": 0,
+  "CredentialType": "Shell",
+  "DeviceOnlineDetection": "None",
+  "Key": "example-key",
+  "PublicKeys": ["string"],
+  "Parameters": {"username": "user", "password": "***"},
+  "Prompts": ["string"],
+  "LastModifiedDateUtc": "2025-08-21T10:23:32.0000000Z",
+  "IsTrusted": true,
+  "NotTrustedReason": "",
+  "DiscoveryTaskId": 0,
+  "DiscoveryStatusMessage": "",
+  "DiscoveryTaskStatus": "Complete"
+}
+```
+
+### Create Credentials
+
+Adds new credentials for a specified type and key.
+
+**HTTP Request**
+```
+POST /credentials/add
+```
+
+**Authentication**
+Requires authentication and the `CredentialsManage` permission.
+
+**Request Body**
+```json
+{
+  "Credentials": {
+    "CredentialType": "Shell",
+    "DeviceOnlineDetection": "None",
+    "Key": "example-key",
+    "PublicKeys": ["string"],
+    "Parameters": {"username": "user", "password": "secret"},
+    "Prompts": ["string"],
+    "DecryptionErrors": {},
+    "LastModifiedDateUtc": "2025-08-21T10:23:32.0000000Z",
+    "IsTrusted": false,
+    "NotTrustedReason": "",
+    "DiscoveryTaskId": 0,
+    "DiscoveryStatusMessage": "",
+    "DiscoveryTaskStatus": "AwaitingPickup"
+  }
+}
+```
+
+**Parameters**
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| CredentialType | enum | Yes | Type of credential (Unknown, Shell, Database, FTP, Cloud, ESX, ITSM, Splunk) |
+| DeviceOnlineDetection | enum | No | Method for detecting if device is online (None, Ping, TcpConnect) |
+| Key | string | Yes | Unique identifier for the credentials |
+| PublicKeys | array | No | List of public keys |
+| Parameters | object | Yes | Dictionary of credential parameters (e.g., username, password) |
+| Prompts | array | No | List of prompts |
+| IsTrusted | boolean | No | Whether the credential is trusted |
+
+**Response**
+Returns the created Credentials object.
+
+### Update Credentials
+
+Updates existing credentials for a specified type and key.
+
+**HTTP Request**
+```
+POST /credentials/update
+```
+
+**Authentication**
+Requires authentication and the `CredentialsManage` permission.
+
+**Request Body**
+Similar to the Create Credentials endpoint, but updates an existing credential.
+
+**Response**
+Returns the updated Credentials object.
+
+### Delete Credentials
+
+Deletes credentials for a specified type and key.
+
+**HTTP Request**
+```
+POST /credentials/delete
+```
+
+**Authentication**
+Requires authentication and the `CredentialsManage` permission.
+
+**Query Parameters**
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| key | string | Yes | Unique identifier for the credentials to delete |
+| type | string | Yes | Type of credentials to delete |
+
+**Response**
+Returns a success status code (200) if the credentials were successfully deleted.
+
+## Credential Types
+
+The following credential types are supported:
+
+| Type | Description |
+|------|-------------|
+| Shell | Command-line shell credentials |
+| Database | Database connection credentials |
+| FTP | File Transfer Protocol credentials |
+| Cloud | Cloud service credentials |
+| ESX | VMware ESX/ESXi credentials |
+| ITSM | IT Service Management credentials |
+| Splunk | Splunk credentials |
+
+## Online Detection Methods
+
+The following online detection methods are available:
+
+| Method | Description |
+|--------|-------------|
+| None | No online detection |
+| Ping | Use ICMP ping to detect if device is online |
+| TcpConnect | Use TCP connection to detect if device is online |
diff --git a/docs/changetracker/8.1/integration/api/overview.md b/docs/changetracker/8.1/integration/api/overview.md
@@ -1,14 +1,67 @@
 ---
 title: "API"
-description: "API"
+description: "ChangeTracker API Documentation"
 sidebar_position: 20
 ---
 
 # API
 
-Customers who run multiple instances of Netwrix Change Tracker in multiple regions can use the API
-to pull data from each instance and use that data build global reports containing data from all
-instances.
+Netwrix Change Tracker provides a comprehensive REST API that allows customers to integrate with the platform programmatically. This is particularly useful for customers who run multiple instances of Netwrix Change Tracker in multiple regions, as they can use the API to pull data from each instance and build global reports containing data from all instances.
 
-- [Agents](/docs/changetracker/8.1/integration/api/agents.md) – To pull data on agent statuses, configurations and group memberships, use
-  the agentsRanked endpoint.
+## Authentication
+
+All API endpoints require authentication. You'll need to include appropriate authentication credentials with your requests. The specific authentication method is detailed in each API documentation page.
+
+## Available APIs
+
+The following API endpoints are available in Netwrix Change Tracker:
+
+- [Agents](/docs/changetracker/8.1/integration/api/agents.md) – Pull data on agent statuses, configurations, and group memberships using the agentsRanked endpoint. This API allows you to retrieve detailed information about all agents in your environment, including their group memberships and applied tracking templates.
+
+- [Register Agents](/docs/changetracker/8.1/integration/api/register-agents.md) – Register new agents with the system using the agents/register endpoint. This API allows you to register both direct agents installed on devices and proxied devices accessed through another agent.
+
+- [Credentials](/docs/changetracker/8.1/integration/api/credentials.md) – Manage authentication credentials used by ChangeTracker to connect to various systems and services. This API provides endpoints for creating, retrieving, updating, and deleting credentials for different credential types including Shell, Database, FTP, Cloud, ESX, ITSM, and Splunk.
+
+## API Usage Best Practices
+
+When working with the ChangeTracker API, consider the following best practices:
+
+1. **Rate Limiting**: Implement appropriate rate limiting in your applications to avoid overwhelming the API.
+
+2. **Error Handling**: Always implement proper error handling in your code to gracefully handle API errors.
+
+3. **Authentication**: Store API credentials securely and never expose them in client-side code.
+
+4. **Data Filtering**: When retrieving large datasets, use the available filtering parameters to limit the amount of data returned.
+
+5. **Pagination**: For endpoints that return large collections, implement pagination to improve performance.
+
+## Example Usage
+
+Below is a simple example of how to use the API with PowerShell:
+
+```powershell
+# Set up a session variable for the Admin user
+$myWebSession = GetAdminUserSession
+
+# Define the API endpoint
+$uri = "https://changetracker.example.com/api/agentsRanked"
+
+# Define the request body
+$requestBody = @{
+    DeviceFilter = @{
+        GroupNames = @()
+        AgentDeviceIds = @()
+        AgentDisplayNames = @()
+        ExcludeProxiedDevices = $false
+        OnlineStatuses = @("Online")
+    }
+    GetAgentGroupDetails = $true
+    GetRelatedTemplates = $true
+} | ConvertTo-Json
+
+# Make the API request
+$result = Invoke-RestMethod -Method Post -ContentType application/json -Uri $uri -WebSession $myWebSession -Body $requestBody
+```
+
+For more detailed information about each API endpoint, please refer to the specific API documentation pages linked above.
diff --git a/docs/changetracker/8.1/integration/api/register-agents.md b/docs/changetracker/8.1/integration/api/register-agents.md
