Skip to main content
Question

What criteria must a custom application meet to support password rotation via Password Safe Cloud REST API?

  • November 18, 2025
  • 1 reply
  • 62 views
A
Forum|alt.badge.img+3

Hello Everyone,

I’m working on password rotation for a custom (unsupported) application using the BeyondTrust Password Safe Cloud REST API. Before proceeding, I want to confirm whether such an application can be integrated for automated password rotation.

Can someone clarify:

What technical criteria or parameters must a custom application support in order to be compatible with Password Safe Cloud’s REST API-based password rotation?
For example:

  • Required authentication methods?

  • Connectivity or protocol requirements?

  • Ability to expose credentials or respond to rotation workflows?

  • Any mandatory fields/settings needed in Password Safe for custom platforms?

  • Any limitations or known restrictions for cloud API rotations?

Any guidance or examples from your experience would be greatly appreciated.

Thanks!

    1 reply

    J
    BeyondTrust Employee
    • jchandler
    • BeyondTrust Employee
    • November 21, 2025

    Hello ​@AmilaK 

    There are a few ways PasswordSafe can manage credentials.
    You can onboard one of our supported platforms. https://docs.beyondtrust.com/bips/docs/ps-supported-platforms 
    You can also use a "Custom Platform", a custom platform uses SSH to connect to and manage credentials. 
    A custom platform is any application \ system that you can connect to via SSH and issue commands to change a password you could create a Custom Platform.
    For an application that is not on our supported platform list or is not SSH enabled you could use our Password Safe Software Development Kit https://docs.beyondtrust.com/bips/docs/ps-sdk 
    The SDK allows you to create a plugin in C# that can be added to PasswordSafe to manage your custom application. 
    The SDK code generator creates all the scaffolding required for your plugin, with stub implementations of password checking and changing. You code the details of how the checks and changes are done. 
    You can get the Password Safe SDK from our Password Safe Resource Kit that can be downloaded from our Customer Portal https://beyondtrustcorp.service-now.com/csm 
    Have a look at the included "Platform Plugin Resource Kit Readme.pdf" for details on setting the SDK in Visual Studio.

    Once you have added your application as a managed system and added some managed accounts you can use the Password Safe API to rotate the credentials.
    The specific API call to do the change is "POST ManagedAccounts/{managedAccountID}/Credentials/Change"
    Here is a link to our Rest API Guide.
    https://docs.beyondtrust.com/bips/docs/password-safe-apis#post-managedaccountsmanagedaccountidcredentialschange

    For API sample code have a look in the Resource Kit mentioned above in the "API Samples" section. We have sample code in various languages.

    Also for a walkthrough on Configuring, testing, and troubleshooting Password Safe API please have a look at this KB.https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0017018

    Hopefully this helps,

    Regards,

    John

     

    Badge Earners

    • BCA: Privileged Remote Access
      GroSanhas earned the badge BCA: Privileged Remote Access
    • Core Concepts - Privileged Remote Access
      Ahmed Butthas earned the badge Core Concepts - Privileged Remote Access
    • BCA: Password Safe
      Abdelhamid.Saberhas earned the badge BCA: Password Safe
    • BCA: Remote Support
      DQ2has earned the badge BCA: Remote Support
    • BCA: Endpoint Privilege Management - Windows
      CHRISK1has earned the badge BCA: Endpoint Privilege Management - Windows
    Show all badges
    Terms & ConditionsCookie settingsAccessibility statement