We’re thrilled to introduce Cerby’s secure, developer-friendly public APIs, a major step forward in automating security for disconnected applications. Managing applications that don’t support common integration standards such as SAML and SCIM, has long been a manual, time-consuming process—leaving organizations with critical security gaps and operational inefficiencies. With Cerby’s new APIs, our customers and partners can now automate security tasks, streamline access management, and strengthen control over disconnected applications.
The new APIs allow developer teams to programmatically interact with Cerby accounts, secrets, collections, users, teams, and integrations, unlocking powerful automation and custom integration opportunities tailored to your business needs.
Solving real-world security challenges
Security and IT teams face complex challenges when managing disconnected applications. These applications often operate outside the visibility of identity providers, making them prime targets for unauthorized access and security risks. Cerby’s APIs help organizations regain control over these applications, extending the identity perimeter to ensure secure and seamless management.
How Cerby APIs address security gaps:
- Automate compliance & reporting: Gain visibility through automated user access reviews and secret management for applications outside your IdP. Maintain an up-to-date audit trail, enforce regulatory compliance, and automate periodic user access reviews.
- Streamlined identity governance: Easily manage the entire lifecycle of disconnected applications. User access, entitlements, and changes can be reviewed and tracked seamlessly through the intuitive API design, simplifying identity governance and reinforcing your security posture.
- Automate and unify security processes: Tailor integrations to fit your organization’s unique needs, gaining visibility into disconnected applications and improving security. Reduce manual effort by automating repetitive security tasks, improving operational efficiency and strengthening your overall security framework.
How it works: automate provisioning in minutes
In this example, we will walk through an example of how to automate provisioning to a disconnected application. Before we begin, we have already configured the application as a Business Hub in Cerby and are ready to build an automation to give access to users. The Cerby Tenant API allows us to invite, update, and revoke users within a Cerby-managed application.
Generate an API Key
Log in to the Cerby dashboard as an administrator and open the Settings menu. Find the “API Keys” tab and click “Generate new API Key”.
Next, name the key and provide an expiration time, we recommend that you select the shortest timeframe necessary. We will store the API key in Cerby Secret.
Key Permissions
API keys are scoped to certain permission sets to ensure that the key cannot be used for unintended purposes. Consider the scopes carefully, they cannot be changed later. We will select:
- Read Integrations - allows reading information regarding the application and current users.
- Write Integrations - allows changes that result in a modification.
- Read Automated Jobs - allows us to read the status of the tasks we launch.
Click “Next” to continue.
Collect the API Key
The API key is displayed to the administrator once. This should be treated like a privileged credential, and stored accordingly. It can also be saved as a Cerby secret.
Call the Cerby API
We now call the Cerby API to invite this user to our business hub. The API receives a POST request with a JSON body containing the request. For this example, we are using Postman to make the request.
Build the Request
Authorization
Before we can make a request of the Cerby API, we must present the API key. Pass a header containing the key as follows:
"X-Api-Key": "MySuperSecretApiKey"
URL
Use the Cerby Workspace domain as a starting point and substitute the Cerby subdomain and the ID of the business hub that needs to be provisioned. The URL should look like this:
https://<subdomain>.cerby.com/api/v1/integrations/<your-business-hub-id>/users
The application ID can be found by navigating to the app in Cerby and checking the URL. For example, we see the ID in this URL:
https://demos.cerby.com/account?id=f021ea01-0220-4ebf-9a62-2979b8e7fd12&view=settings
For this example, this would be the final URL:
https://demos.cerby.com/api/v1/integrations/f021ea01-0220-4ebf-9a62-2979b8e7fd12/users
Data
We must build our JSON body. In this example, we are inviting a single user and want to apply a role to the user and pass some attributes for when Cerby creates this user. This user will be a collaborator, they cannot modify or reveal their credentials.
{
"data":{
"attributes":{
"role": "account_owner",
"entitlements": [
{
"id": "MEMBER"
}
],
"userIds": [
"69136e60-7f01-4f73-9c67-34d458554126"
],
"dynamicFields" : {
"nickname": "Solid Snake",
"location": "Philadelphia",
"jobCode:": "Agent",
}
},
"type": "invite_tenant_users"
}
}
We use the dynamicFields option to pass an array of attributes which the Cerby automations will use to fill in required user information. Submit the request.
Success!
If done correctly, Cerby will respond with a Job ID. This ID can be used to track progress with another call to the API. Here is the reply:
{
"data": {
"attributes": {
"status": "created"
},
"id": "43c65e54-07f2-48c1-9014-498d9150f8b1",
"type": "job"
}
}
It will take a few moments to perform the task and confirm that the user was successfully created or invited.
What’s Next? Exciting enhancements ahead
We’re continuously expanding our API capabilities, including more detailed insights into user, secret, and account activities, as well as updated workspace settings. Stay tuned for these updates as we continue to evolve our offerings based on your feedback.
Ready to strengthen and automate security? Visit the Cerby developer portal to get started today. For more details, reach out to your customer success representative.
