Accessing the Cloud Administration APIs
The Cloud Administration APIs are REST-based web service interfaces you can use to create clients that perform administrative operations.
There are two methods for managing your access to the Cloud Administration APIs:
OAuth Client
Legacy API Keys
If your clients are set up with legacy API keys, RSA recommends transitioning to OAuth API Clients for enhanced security.
The selected method is used to generate a bearer token that is sent in Base64 URL-safe format in the HTTP Authorization header of Administration API requests.
HTTP requests using an OAuth 2.0 access token must be sent to the Administration API REST URL shown in the OAuth Client section on the Platform > API Access Management page. For example, https://mycompany.access-anz.securid.com/AdminInterface/restapi
HTTP requests using a Legacy Administration API Key must be sent to the adminRestApiUrl specified in the Administration API Key file downloaded from the Legacy API Keys > Administration API Keys section on the Platform > API Access Management page. For example, https://mycompany.access-anz.securid.com/AdminInterface/restapi/v1
Note: You can download the Admin Rest API from the RSA Community Downloads page.
Information for Super Administrators
The following information is for Super Administrator managing the Administration Event Log, User Event Log, and other Cloud Administration APIs:
Information for Application Client Developers and Administrators
The following information is for developers who build client applications that can interact with these APIs and client administrators who configure third-party products to use Cloud Administration APIs.
| Reference | Purpose |
|---|---|
| Authentication for the Cloud Administration APIs | Authenticate using a JSON Web Token (JWT). |
| Cloud Administration Event Log API | Retrieve audit log events from Cloud Access Service (CAS). You can import these events into your security information and event management (SIEM) solution, such as NetWitness. |
| Cloud Administration User Event Log API | Retrieve user event logs from CAS. You can import these events into your security and event management solution, such as NetWitness. |
| Cloud Administration System Event Log API | Retrieve system event logs from CAS. You can import these events into your security and event management solution, such as NetWitness. |
Cloud Administration Local Groups Public API Managing Local Group Users with the Cloud Administration Local Groups Public API | Allow users to integrate from various identity sources (internal identity source, AD/LDAP, or SCIM), allowing them to be grouped together in a single group. |
| Cloud Administration Create Local User API | Add a new user account to a local identity source using the Cloud Administration Create Local User API. |
| Cloud Administration Update Local User API | Modify existing user accounts in a local identity source using the Cloud Administration Update Local User API. |
| Cloud Administration User Details API | Retrieve device and other details about individual users. |
| Cloud Administration Delete User Now API | Delete a single disabled user from CAS and immediately remove all information and devices associated with the user. |
| Cloud Administration Authenticator Details API Version 1 | Retrieve device details about individual users. Does not inlcude the SecurID 700 hardware token. |
| Cloud Administration Authenticator Details API Version 2 | Retrieve device details about individual users. Includes the SecurID 700 hardware token. |
| Cloud Administration Delete User Device API | Delete devices for individual users. |
| Cloud Administration Retrieve Authentication Audit Logs API | Retrieve authentication audit logs. |
| Cloud Administration Update SMS and Voice Phone API | Update the user's phone numbers for SMS OTP and Voice OTP. |
| Cloud Administration User Search API Version 1 | Find a user by searching for a string in the user's email address, version 1. |
| Cloud Administration User Search API Version 2 | Find a user by searching for a string in the user's email address, version 2. |
| Cloud Administration Unlock User Tokencodes API | Unlock users' Authenticate access code, SMS OTP, and Voice OTP. |
| Cloud Administration User Status API | Update a user's status from Disabled to Enabled, or from Enabled to Disabled. |
| Cloud Administration Mark User Deleted API | Mark a disabled user as pending deletion. You can also undelete a user if marking that user for deletion was a mistake. |
| Cloud Administration Synchronize User API | Synchronize a user between an identity source and CAS. |
| Cloud Administration Health Check API | Receive frequent updates on the CAS availability. |
| Cloud Administration Retrieve Device Registration Code API | Generate a code so that users can register their iOS, Android, and Windows devices. |
Cloud Administration Enable Emergency Tokencode API Version 1 | Enable Emergency Access Code for a user, version 1. |
| Cloud Administration Enable Emergency Tokencode API Version 2 | Enable Emergency Access Code for a user, version 2. |
| Cloud Administration Disable Emergency Tokencode API | Disable Emergency Access Code for a user. |
| Cloud Administration Add/Remove High-Risk User API | Add or remove one or more users from the high-risk user list. (Licensed. See ID Plus Subscription Plans) |
| Cloud Administration Retrieve High-Risk User List API Version 1 | Retrieve a list of users who are identified as high risk, version 1. (Licensed. See ID Plus Subscription Plans) |
| Cloud Administration Retrieve High-Risk User List API Version 2 | Retrieve a list of users who are identified as high risk, version 2. (Licensed. See ID Plus Subscription Plans) |
| Cloud Administration Live Verification APIs | Perform secure identity verification for users during support interactions, including initiating, checking, validating, and canceling multi-factor authentication sessions. |
| Cloud Administration Anomalous Users API | Retrieve a list of users who exhibit anomalous behavior. This feature is for companies that use Identity Confidence in access policies. |
| Cloud Administration Retrieve License Usage API | Retrieve MFA license usage to monitor for license compliance. |
| Cloud Administration FIDO Authenticator API | Integrate FIDO authenticator management into your own applications and tools. |
| Cloud Administration Manage FIDO Configuration API | Manage configuration of FIDO authenticators. |
| Cloud Administration Read FIDO Configuration API | Retrieve current configuration of FIDO authenticators. |
| Cloud Administration Generate Enrollment Code API | Generate a verification code for admin-assisted secure enrollment for a list of users. |
| Cloud Administration Void Enrollment Code API | Void verification codes for a list of users. |
| Cloud Administration Password Reset Code API | Generate a password reset code for a list of users. |
| Cloud Administration Void Password Reset Code API | Void reset codes for a list of users. |
| Cloud Administration Assign Hardware Token API | Assign a hardware authenticator to a user. |
| Cloud Administration Unassign Hardware Token API | Unassign a user's hardware authenticator. |
| Cloud Administration Enable Hardware Token API | Enable a user's hardware authenticator. |
| Cloud Administration Disable Hardware Token API | Disable a user's hardware authenticator. |
| Cloud Administration Delete Hardware Token API | Delete a hardware authenticator from CAS. |
| Cloud Administration Clear PIN for Hardware Token API | Clear a user's PIN for a hardware authenticator. |
| Cloud Administration Update Hardware Token Name API | Change the name of a hardware authenticator. |
| Cloud Administration Retrieve Hardware Token Serial Number API | Retrieve a hardware authenticator serial number. |
| Cloud Administration MFA Agent Lookup REST API | Look up an MFA Agent tracking record by its Software ID or hostname. |
| Cloud Administration Enable SecurID DS100 OTP Credential API | Enable a user's SecurID DS100 OTP credential. |
| Cloud Administration Disable SecurID DS100 OTP Credential API | Disable a user's SecurID DS100 OTP credential. |
| Cloud Administration Delete SecurID DS100 OTP Credential API | Delete a user's SecurID DS100 OTP credential. |
| Cloud Administration Retrieve RSA DS100 OTP Credential API | Retrieve RSA DS100 OTP credential. |
| Cloud Administration Clear PIN SecurID DS100 OTP Credential API | Clear the PIN of an OTP credential of a SecurID DS100 authenticator. |
| Cloud Administration Generate and Download Report APIs | Generate and download the All Synchronized Users report. |
API Date and Time Format
The RSA Cloud Administration REST APIs format date and time timestamps as strings in ISO 8601 format using both the non-UTC and the UTC time standard. However, For non-UTC times it must be syntactically correct ISO 8601 for a time with a timezone. For example, 2021-09-30T09:15:00.000+10:00.
All APIs format timestamps with the complete date plus hours, minutes, seconds, and milliseconds using the ISO 8601 format:
yyyy-mm-ddThh:MM:ss.tttTZD
yyyy is year
mm is month
dd is day
hh is hour (24 hour clock)
MM is minutes
ss is seconds
ttt is milliseconds
TZD is a Time Zone Designator, which can be the following:
Z for UTC or
a UTC offset. For example, +10:00 or -05:00
Examples of the returned string value are:
1997-07-16T19:20:30.045Z
2021-10-31T23:59:59.999+05:30
2025-07-30T11:22:12.828-08:00
Related Articles
Restore from Backup Number of Views Configure Logging Number of Views Clean Up Unresolvable Users Manually Number of Views RSA Authentication Agent SDK for C Error Handling Vulnerability Number of Views Manage My Page Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide Artifacts to gather in RSA Identity Governance & Lifecycle
