This document offers instructions for consuming the LastPass provisioning API services. The provisioning project exchanges JSON messages with LastPass API. Messages sent to provisioning services contains a signature created with the RSA public key. The payload from messages received from provisioning services is encrypted with AES. RSA public key must be registered in LastPass using the register public key method in UsersProvisining class, this key registration is intended to be executed once and before starting to use provisioning API. There are two implementations available: Java and Python.
It is strongly advised to replace the RSA PEM keys included in this project since they are of public domain. In java, the private key must be in PKCS8 format. Keys files are located under the config folder.
The config.properties file must have the appropriate key values before testing.
- Open the config.properties file with a text editor. This file is located under ProvisioningAPI/java-provisioning/src/main/resources/config.properties for java samples, and ProvisioningAPI/python-provisioning/config.properties for python samples
- Go to LastPass admin portal and open the “Advanced Options” tab on the left side menu. Select “Keys” from the submenu.
- Copy the “Generic API” key-value by clicking on the green button and replace the generic_api_key property value with yours in the config.properties file
How to consume provisioning API?
The LastPass provisioning API base URL is https://identity-api.lastpass.com/Generic/. This API makes possible to manage users, groups, and roles. Responses from all methods come as a generic JSON object whose payload is encrypted with AES using the registered RSA public key:
Generic Response Sample
Generic Response Schema
Important: the responses described in the following API methods shows only the decrypted value of Value.Payload field for simplicity.
Public Key Registration Methods
Registers public RSA key with LastPass.
Public Key Registration Sample
Response: decrypted payload response is a single string, not JSON.