powershelllastpass

LastPass Enterprise API New User Request


I am trying to use the LastPass Enterprise API to automate the creation of new users in our system using Powershell. I cannot seem to get the call to the API correct in my code. I am almost certain it has something to do with the "data" object. This is the batch object I am passing through the body.

$lastPassObject = @{
      cid = "G1TUROWN";
      provhash = "N0TM!NE";
      cmd = "batchadd";
      data = @(
        {          
          username = $email;
          fullname = $firstName + " " + $lastName;
          password = "Toys4Trucks22!";
          password_reset_required = "true";
        } 
      )
  }

Here is my API call

Invoke-RestMethod -Uri "https://lastpass.com/enterpriseapi.php" -Method Post -Body $lastPassObject -ContentType "application/json"

Followed by the Error I am receiving

Error Message

Reference to the API: https://support.lastpass.com/help/add-new-users-via-lastpass-api


Solution

  • You need to convert your body to json before sending it. Also, you put your Data section in a scriptblock within an array. This need to be a hashtable, not a scriptblock.

    $lastPassObject = @{
          cid = "G1TUROWN";
          provhash = "N0TM!NE";
          cmd = "batchadd";
          data = @(
    # This need to be an hashtable. You were missing the @
            @{          
              username = $email;
              fullname = $firstName + " " + $lastName;
              password = "Toys4Trucks22!";
              password_reset_required = $true;
            } 
          )
      }
    
    $Body = $lastPassObject | ConvertTo-Json
    Invoke-RestMethod -Uri "https://lastpass.com/enterpriseapi.php" -Method Post -Body $Body -ContentType "application/json"
    

    If you still have issues after that, make sure to check what the actual json look like (after ConvertTo-Json) so you know exactly what you are sending and can spot more easily discrepancies. For instance, when I first did it, I immediately saw that the data section was all wrong, formatting wise and spotted the missing @ because of that.

    Also, still by looking at the converted json and the example from their doc, you can see that password_reset_required is a boolean. I changed your "true" to $true so that the correlating json would be what was expected.