Using the Cloud Administration APIs

The Cloud Administration APIs are REST-based web service interfaces you can use to create clients that perform administrative operations.

Note: You can download the API Software Developer Kit (SDK) from Cloud Administration REST API Download.

Information for Super Admins

The following information is for Super Admins:

Note: When you create API keys, you must assign the Super Administrator role to keys that will be used in the SecurID Add/Remove High-Risk User API and SecurID Retrieve High-Risk User List API. This role ensures that the API has the appropriate administrative permissions in the Cloud Authentication Service.

Information for Application Client Developers

The following information is for developers who build client applications that can interact with these APIs.

Reference Purpose
Authentication for the Cloud Administration APIs Authenticate using a JSON Web Token (JWT).
Cloud Administration Event Log API Retrieve audit log events from the Cloud Authentication Service. You can import these events into your security information and event management (SIEM) solution, such as NetWitness.
Cloud Administration User Event Log API Retrieve user event logs from the Cloud Authentication Service. You can import these events into your security and event management solution, such as NetWitness.
Cloud Administration User Details API Retrieve device and other details about individual users.
Cloud Administration Delete User Now API Delete a single disabled user from the Cloud Authentication Service and immediately remove all information and devices associated with the user.
Cloud Administration Authenticator Details API Version 1

Retrieve device details about individual users. Does not inlcude the SecurID 700 hardware token.
Cloud Administration Authenticator Details API Version 2

Retrieve device details about individual users. Includes the SecurID 700 hardware token.
Cloud Administration Delete User Device API

Delete devices for individual users.
Cloud Administration Retrieve Authentication Audit Logs API Retrieve authentication audit logs.
Cloud Administration Update SMS and Voice Phone API Update the user's phone numbers for SMS Tokencodes and Voice Tokencodes.
Cloud Administration User Search API

Find a user by searching for a string in the user's email address.

Cloud Administration Unlock User Tokencodes API Unlock users' Authenticate Tokencodes, SMS Tokencodes, and Voice Tokencodes.
Cloud Administration User Status API Update a user's status from Disabled to Enabled, or from Enabled to Disabled.
Cloud Administration Mark User Deleted API Mark a disabled user as pending deletion. You can also undelete a user if marking that user for deletion was a mistake.
Cloud Administration Synchronize User API Synchronize a user between an identity source and the Cloud Authentication Service.
Cloud Administration User Status API

Find a user by searching for a string in the user's email address.

Cloud Administration Health Check API Receive frequent updates on the Cloud Authentication Service availability.
Cloud Administration Retrieve Device Registration Code API

Generate a code so that users can register their iOS, Android, and Windows devices.

Cloud Administration Enable Emergency Tokencode API

Enable Emergency Tokencode for a user.
Cloud Administration Disable Emergency Tokencode API Disable Emergency Tokencode for a user.
Cloud Administration Add/Remove High-Risk User API

Add or remove one or more users from the high-risk user list. (Cloud Premier)
Cloud Administration Retrieve High-Risk User List API Version 1

Retrieve a list of users who are identified as high risk, version 1. (Cloud Premier)
Cloud Administration Retrieve High-Risk User List API Version 2

Retrieve a list of users who are identified as high risk, version 2. (Cloud Premier)
Cloud Administration Anomalous Users API Retrieve a list of users who exhibit anomalous behavior. This feature is for companies that use Identity Confidence in access policies.
Cloud Administration Retrieve License Usage API Retrieve MFA license usage to monitor for license compliance.
Cloud Administration FIDO Authenticator API Integrate FIDO authenticator management into your own applications and tools.
Cloud Administration Assign Hardware Token API Assign a hardware token to a user.
Cloud Administration Unassign Hardware Token API Unassign a user's hardware token.
Cloud Administration Enable Hardware Token API Enable a user's hardware token.
Cloud Administration Disable Hardware Token API Disable a user's hardware token.
Cloud Administration Delete Hardware Token API Delete a hardware token from the Cloud Authentication Service.
Cloud Administration Clear PIN for Hardware Token API Clear a user's PIN for a hardware token.
Cloud Administration Update Hardware Token Name API Change the name of a hardware token.
Cloud Administration Retrieve Hardware Token Serial Number API Retrieve a hardware token serial number.
Cloud Administration MFA Agent Lookup REST API Look up an MFA Agent tracking record by its Software ID or hostname.
Cloud Administration Enable SecurID DS100 OTP Credential API Enable a user's SecurID DS100 OTP credential.
Cloud Administration Disable SecurID DS100 OTP Credential API Disable a user's SecurID DS100 OTP credential.
Cloud Administration Delete SecurID DS100 OTP Credential API Delete a user's SecurID DS100 OTP credential.
Cloud Administration Clear PIN SecurID DS100 OTP Credential API

Clear the PIN of an OTP credential of a SecurID DS100 authenticator.
Cloud Administration Generate and Download Report APIs Generate and download the All Synchronized Users report.

API Date and Time Format

The SecurID Cloud Administration REST APIs format date and time timestamps as strings in ISO 8601 format using the UTC time standard. All APIs format timestamps with the complete date plus hours, minutes, seconds, and milliseconds using the ISO 8601 format:

YYYY-MM-DDThh:mm:ss.sTZD

In UTC time, an example of the returned string value is:

1997-07-16T19:20:30.045Z