Use the LastPass Enterprise API Postman Collection

LastPass provides a Postman collection (a group of saved API requests) to assist with building workflows and simplifying admin tasks (such as provisioning, updating, and deleting users). The "LastPass Enterprise API" Postman collection contains commonly used API requests, which you can issue at the click of a button. Once a request has been sent, the response (data you requested, a status message, or an error message) is displayed within the Postman application itself for easy viewing.

Before you begin: Make sure you have downloaded Postman from https://www.postman.com/downloads/ and installed it on your computer. Alternatively, you can sign up to use the web version of Postman at https://www.postman.com/.

Note: The example screenshots displayed in this article use the Windows version of Postman.

Import the "LastPass Enterprise API" Postman collection into Postman.

Download the Postman collection from here: LastPass Enterprise API Postman Collection (ZIP)
Unzip the file so you have a .json file called LastPass Enterprise API.postman_collection.json.
Open the Postman application, and select Import.

Result: The Import dialog box pops up.
On the File tab, select Upload Files.
Browse your computer and select the unzipped LastPass Enterprise API.postman_collection.json file, then select Open.
Select Import.

Result: The "LastPass Enterprise API" Postman collection has now been imported into Postman.
In the left navigation, select Collections, and expand LastPass Enterprise API. All the API requests in the collection are displayed.

Set up variables in Postman for your company's account number (CID) and provisioning hash (API secret).

Retrieve and save your company's account number (CID) and provisioning hash (API secret) from LastPass. To obtain your LastPass account number and provisioning hash, follow instructions in this article: Where can I find the CID (account number) and API secret?

Note: As soon as you navigate away from or refresh the page showing your provisioning hash, it will be gone. Make sure your copy the information while it is visible, and then save it as a secure note in the LastPass vault.
In Postman, select the "Environment quick look" eye icon in the top right corner. In the Globals section, select Add.

Result: The Globals table is displayed.
In the Globals table:
1. In the VARIABLE column, in the first row, enter CID.
  
  Note: The variable name is case-sensitive so make sure you enter it exactly as it is indicated here.
2. Leave TYPE as default.
3. In the INITIAL VALUE column, in the first row, enter your company's account number (CID) that you have just retrieved from LastPass.
In the Globals table:
1. In the VARIABLE column, in the second row, enter ProvisionHash.
  
  Note: The variable name is case-sensitive so make sure you enter it exactly as it is indicated here.
2. Leave TYPE as default.
3. In the INITIAL VALUE column, in the second row, enter the provisioning hash (API secret) that you have just retrieved from LastPass.
Select Save, and close the Globals tab.
Result: You have set up variables for your company's account number (CID) and provisioning hash (API secret). From now on, these will be automatically populated in the relevant fields of any API request that you execute from the Postman collection.

Make a test API call to see if everything works as expected.

In the LastPass Enterprise API collection on the left, select an API request.
Details of the request are displayed on the right. For example, the Body tab displays the body of your request, including the cid and provhash values, which are retrieved from the variables you set up earlier.
Make any required changes in the body of the request. For example, if you wish to use the "Get User Data" request for testing, change the value of "username" to a known username.
Click Send.
To check the response, click the Body tab in the bottom half of the screen.

Depending on the request you issued, you will either get the requested data in the response or information abut the outcome of your request (for example, {"status": "OK"}).

Tip: To see the well-formatted version of a JSON object returned, click the XML drop-down and select JSON. To set up Postman so that it always displays responses as prettified JSON, follow instructions in: How do I set up Postman so that API response data is always shown as JSON?.

Results: You are now ready to use the "LastPass Enterprise API" Postman collection.

How do I access the documentation for the "LastPass Enterprise API" Postman collection?

The "LastPass Enterprise API" Postman collection comes with its own documentation. Once you have imported the collection into Postman, you can access the document from Postman itself.

Open Postman and select the Collections tab.
Click the three dots displayed next to LastPass Enterprise API, and select View documentation.

Result: You are presented with the API documentation.

How do I set up Postman so that API response data is always shown as JSON?

It may happen that the API response that you get back displays data in a way that is hard to read because it is not well-formatted JSON with line breaks and indentation in the right places. There is a way to set up Postman so that it always displays data as JSON.

In Postman, click the cog icon in the top toolbar on the right, and select Settings.
Result: The SETTINGS dialog box is displayed.
On the General tab, in the Request section, set Language detection to JSON.
Close the SETTINGS dialog box.

Results: From now on, all API responses will display data in JSON format.

What should I look for if I am getting an error when trying to make an API call?

When you get an error (for example, "Authorization Error") after issuing an API call, there is some basic troubleshooting that you can do locally.

In Postman, select the "Environment quick look" eye icon in the top right corner.
In the Globals section, make sure that CID and ProvisionHash have both the INITIAL VALUE and the CURRENT VALUE set.