Bitwarden REST API for automated secrets management on self-hosted server

aaroncoffey · June 10, 2018, 8:50pm

It would be great to have a json rest api for the self-hosted version of Bitwarden. The use case would be secrets management in a networked environment.

Best,
Aaron

kspearrin · June 11, 2018, 12:30am

The applications are already powered by a restful JSON API, though it is not documented.

tjyang · September 16, 2018, 12:28pm

@kspearrin

Looking at https://github.com/bitwarden/cli, it has complete CRUD and login actions in typescript language.

But I have an existing python app that need to do query with BW REST API server.

Can you create similar doc like R1 ?

R1: http://manageiq.org/docs/reference/latest/api/overview/crud

CaptAintHere · January 10, 2019, 3:34pm

Is the REST API is planned to be documented? Please provide at least endpoints and parameters because it is unusable without that…

AndreasBackx · January 21, 2019, 9:29pm

@kspearrin any update on API documentation? I feel like there is fear that people will make their own clients with features that are paid. Is that true?

tjyang · January 24, 2019, 1:30am

Just an FYI, this repo has client using python and rust languages.

AndreasBackx · January 24, 2019, 11:59am

To be faire, I don’t want to go through the source code of an existing cli application just to find out how the API works. I thought that because this was open source, that it’d be easy to adapt to my needs. Alas, it’s not.

tjyang · January 24, 2019, 2:05pm

@AndreasBackx,

Not sure why there are only 4 votes on this request. To me , a formal API doc is important also.

kgoetz · February 1, 2019, 3:48am

Another vote from me!
I was hoping to do some reporting using the new history data (since its not included in the built in reports) but will be deferring the project until I have more time given the lack of documentation

Consumers/implementations of the API I’ve found so far:

Real bit warden, linked in 3rd post
Python CLI tool mentioned ~6th post
RS bitwarden https://github.com/dani-garcia/bitwarden_rs
Rubywarden https://github.com/jcs/rubywarden

Rubywarden has an API overview included in API.md. I was going to do some experiments with curl but going by that description I’ll need something a little more advanced to experiment with.

github.com

jcs/rubywarden/blob/master/API.md

## Bitwarden API Overview

Despite being open source, the
[.NET Bitwarden API code](https://github.com/bitwarden/core)
is somewhat difficult to navigate and comprehend from a high level,
and there is no formal documentation on API endpoints or how the
encryption and decryption is implemented.

The following notes were made by analyzing traffic between the Firefox
extension and the Bitwarden servers by running
[tools/mitm.rb](mitm.rb)
and having the Firefox extension use `http://127.0.0.1:4567/` as its
base URL.

The details for key derivation and encryption/decryption were done by
reading the
[web extension](https://github.com/bitwarden/browser)
code.

### Password hashing and encryption key derivation

This file has been truncated. show original

I have only skimmed the API code but it seems manageable as a research source.

akvadrako · August 8, 2019, 11:29am

There is also a plugin for the popular python keyring package:

tjyang · April 29, 2020, 12:27pm

Now that we have api documented at https://docs.bitwarden.com/api/
IMHO, the Server API was not well designed. B.W. is designed to keep password record(BW call it Item).
Why there is no entry point for Item C.R.U.D. operations ?

I just want to be able to Create,Update,Retrieve and Delete Items ! From a REST client.

tgreer · April 29, 2020, 7:39pm

Hey @tjyang - I know restful access is a big topic for access to vault data, but as you know, currently access to the encrypted data requires a client to encrypt/decrypt the payload so that the server never has access to any decrypted data, either in flight or at rest.

You could use python to access the collection / user information in a restful manner, and also use the same python app to make bash commands with the Bitwarden CLI, and pipe the JSON back to the python application for CRUD operations.

bdoublet91 · May 10, 2020, 9:03pm

Hi,
I have the same need so I have tested some project that had reversed the bitwarden browser plugin to get routes.
I have succeeded to create an entry with folderID and OrganisationID with /api/ciphers/create and POST data.

However, Bitwarden needs to have some data encrypted with specific process details here:
rubywarden/API.md at master · jcs/rubywarden
and here:
https://docs.cozy.io/en/cozy-stack/bitwarden/

I tested some ruby function but cant fix my problem for now. The way I encrypt my data is wrong but don’t known why. I created a topic if someone knows. Look for /api/ciphers in search

Only the browser plugin is working to Post to the bitwarden API and didnt succeed in reverse the code

tgreer · May 11, 2020, 4:52pm

Hi @bdoublet91 - interesting stuff

You may want to start a new thread in the User-to-user support topic to see if anyone may be able to help with your project.

bdoublet91 · May 11, 2020, 9:30pm

Hi,

Already did it:
Here [BITWARDEN][API] /api/ciphers/create - Browser
Let’s see if someone can help me
I think the answer is on the bitwarden browser plugin that do well the encryption of the datas

Yonggan · September 25, 2020, 12:29pm

Hey guys, wanted to introduce my Project to you:

It is a Node.js Express Wrapper arround the Bitwarden CLI working with docker containers to create sessions for every user. It is really beta and not documented now but maybe it is a point of interest.

tgreer · September 25, 2020, 1:25pm

Sounds like this could be helpful! Thanks @Yonggan, and welcome!

Yonggan · September 25, 2020, 2:33pm

@tgreer Thank you
I will write some docs for it soon
Pull Requests welcome