api

package
v0.0.0-...-d1189bc Latest
Warning

This package is not in the latest version of its module.

Published: Mar 8, 2026 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package api implements the HTTP client for the Bitwarden/Vaultwarden API. It handles authentication, token management, and all API endpoint calls.

Constants

const (
	EmergencyAccessStatusInvited           = 0
	EmergencyAccessStatusAccepted          = 1
	EmergencyAccessStatusConfirmed         = 2
	EmergencyAccessStatusRecoveryInitiated = 3
	EmergencyAccessStatusRecoveryApproved  = 4
)

Emergency access status constants.

const (
	EmergencyAccessTypeView     = 0
	EmergencyAccessTypeTakeover = 1
)

Emergency access type constants.

Variables

This section is empty.

Functions

func NewTLSTransport

func NewTLSTransport(insecureSkipVerify bool) *http.Transport

NewTLSTransport creates an http.Transport with sensible TLS defaults. It clones the default transport and sets TLS 1.2 as the minimum version. If insecureSkipVerify is true, certificate verification is disabled.
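An added example, not code from package api: for a self-hosted server with a private certificate, an alternative to passing insecureSkipVerify=true is to keep verification on and trust only that certificate. The helper newPinnedTransport and the httptest servers are constructed for illustration; like NewTLSTransport, the helper clones the default transport and sets TLS 1.2 as the minimum.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newPinnedTransport is a hypothetical helper (not part of package api).
// It clones the default transport and enforces TLS 1.2 as the minimum,
// but leaves certificate verification on and trusts only the given roots.
// A nil pool means the system trust store.
func newPinnedTransport(roots *x509.CertPool) *http.Transport {
	tr := http.DefaultTransport.(*http.Transport).Clone()
	tr.TLSClientConfig = &tls.Config{
		MinVersion: tls.VersionTLS12,
		RootCAs:    roots,
	}
	return tr
}

// probe performs one GET and returns the negotiated TLS version or the error.
func probe(tr *http.Transport, url string) (uint16, error) {
	defer tr.CloseIdleConnections()
	resp, err := (&http.Client{Transport: tr}).Get(url)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.TLS.Version, nil
}

// result collects what each transport configuration observed.
type result struct {
	systemRootsErr error  // system trust store against the private certificate
	pinnedVersion  uint16 // TLS version negotiated with the pinned certificate
	pinnedErr      error
	legacyErr      error // pinned certificate, server capped at TLS 1.1
}

func runDemo() result {
	// Constructed stand-in for a self-hosted server with a private certificate.
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "ok")
	}))
	defer srv.Close()

	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())

	var res result
	// Verification on, system roots only: the private certificate is rejected.
	_, res.systemRootsErr = probe(newPinnedTransport(nil), srv.URL)
	// Verification on, private certificate trusted: the request succeeds.
	res.pinnedVersion, res.pinnedErr = probe(newPinnedTransport(roots), srv.URL)

	// Constructed legacy server that offers nothing newer than TLS 1.1.
	old := httptest.NewUnstartedServer(http.NotFoundHandler())
	old.TLS = &tls.Config{MinVersion: tls.VersionTLS10, MaxVersion: tls.VersionTLS11}
	old.StartTLS()
	defer old.Close()

	oldRoots := x509.NewCertPool()
	oldRoots.AddCert(old.Certificate())
	// The certificate is trusted, but the TLS 1.2 floor refuses the handshake.
	_, res.legacyErr = probe(newPinnedTransport(oldRoots), old.URL)
	return res
}

func main() {
	res := runDemo()
	fmt.Println("system roots:", res.systemRootsErr)
	fmt.Printf("pinned certificate: version=%#x err=%v\n", res.pinnedVersion, res.pinnedErr)
	fmt.Println("TLS 1.1-only server:", res.legacyErr)
}
```
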

Types

type APIError

type APIError struct {
	StatusCode int
	Body       string
}

APIError represents a non-2xx response from the API.

func (*APIError) Error

func (e *APIError) Error() string

type AcceptOrgInviteRequest

type AcceptOrgInviteRequest struct {
	Token string `json:"token"`
}

AcceptOrgInviteRequest is the request to accept an org invite.

type AdminClient

type AdminClient struct {
	// contains filtered or unexported fields
}

AdminClient is the HTTP client for the Vaultwarden admin API. It uses cookie-based authentication via the /admin endpoint.

func NewAdminClient

func NewAdminClient(baseURL string, logger *slog.Logger) *AdminClient

NewAdminClient creates a new admin API client for the given server URL.

func (*AdminClient) DeauthUser

func (c *AdminClient) DeauthUser(userID string) error

DeauthUser deauthenticates all sessions for a user via the admin API.

func (*AdminClient) DeleteOrganization

func (c *AdminClient) DeleteOrganization(orgID string) error

DeleteOrganization deletes an organization via the admin API.

func (*AdminClient) DeleteUser

func (c *AdminClient) DeleteUser(userID string) error

DeleteUser deletes a user via the admin API.

func (*AdminClient) DisableUser

func (c *AdminClient) DisableUser(userID string) error

DisableUser disables a user via the admin API.

func (*AdminClient) EnableUser

func (c *AdminClient) EnableUser(userID string) error

EnableUser enables a user via the admin API.

func (*AdminClient) GetUser

func (c *AdminClient) GetUser(userID string) (*AdminUser, error)

GetUser returns a specific user by ID via the admin API.

func (*AdminClient) InviteUser

func (c *AdminClient) InviteUser(email string) error

InviteUser invites a new user via the admin API.

func (*AdminClient) ListOrganizations

func (c *AdminClient) ListOrganizations() ([]AdminOrganization, error)

ListOrganizations returns all organizations via the admin API. Since Vaultwarden doesn't seem to have a dedicated JSON endpoint for organizations, we extract them from the user list.

func (*AdminClient) ListUsers

func (c *AdminClient) ListUsers() ([]AdminUser, error)

ListUsers returns all users via the admin API.

func (*AdminClient) Login

func (c *AdminClient) Login(adminToken string) error

Login authenticates with the admin panel using the admin token. Vaultwarden's admin API uses a POST to /admin with the token, which sets a session cookie for subsequent requests.

func (*AdminClient) Remove2FA

func (c *AdminClient) Remove2FA(userID string) error

Remove2FA removes two-factor authentication for a user via the admin API.

func (*AdminClient) ResendInvite

func (c *AdminClient) ResendInvite(userID string) error

ResendInvite re-sends the invitation email for a user via the admin API.

func (*AdminClient) SetInsecureSkipVerify

func (c *AdminClient) SetInsecureSkipVerify(skip bool)

SetInsecureSkipVerify configures TLS for the admin client. It always enforces TLS 1.2 as minimum and optionally disables certificate verification.

type AdminOrganization

type AdminOrganization struct {
	ID           string `json:"id"`
	Name         string `json:"name"`
	BillingEmail string `json:"billingEmail"`
}

AdminOrganization represents an organization returned by the Vaultwarden admin API.

type AdminUser

type AdminUser struct {
	ID               string              `json:"id"`
	Email            string              `json:"email"`
	Name             string              `json:"name"`
	Enabled          bool                `json:"userEnabled"`
	EmailVerified    bool                `json:"emailVerified"`
	CreatedAt        string              `json:"createdAt"`
	LastActive       string              `json:"lastActive"`
	TwoFactorEnabled bool                `json:"twoFactorEnabled"`
	Organizations    []AdminOrganization `json:"organizations"`
}

AdminUser represents a user returned by the Vaultwarden admin API.

type BulkConfirmData

type BulkConfirmData struct {
	ID  string `json:"id"`
	Key string `json:"key"`
}

BulkConfirmData is a single entry in a bulk confirm request.

type BulkConfirmRequest

type BulkConfirmRequest struct {
	Keys []BulkConfirmData `json:"keys"`
}

BulkConfirmRequest is the request for POST /api/organizations/{id}/users/confirm.

type BulkPublicKeysRequest

type BulkPublicKeysRequest struct {
	IDs []string `json:"ids"`
}

BulkPublicKeysRequest is the request to get multiple members' public keys.

type ChangeEmailRequest

type ChangeEmailRequest struct {
	NewEmail              string `json:"newEmail"`
	MasterPasswordHash    string `json:"masterPasswordHash"`
	NewMasterPasswordHash string `json:"newMasterPasswordHash"`
	Token                 string `json:"token"`
	Key                   string `json:"key"`
}

ChangeEmailRequest is the request body for POST /api/accounts/email.

type ChangePasswordRequest

type ChangePasswordRequest struct {
	MasterPasswordHash    string `json:"masterPasswordHash"`
	NewMasterPasswordHash string `json:"newMasterPasswordHash"`
	MasterPasswordHint    string `json:"masterPasswordHint,omitempty"`
	Key                   string `json:"key"`
	Kdf                   int    `json:"kdf"`
	KdfIterations         int    `json:"kdfIterations"`
	KdfMemory             int    `json:"kdfMemory,omitempty"`
	KdfParallelism        int    `json:"kdfParallelism,omitempty"`
}

ChangePasswordRequest is the request body for POST /api/accounts/password.

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is the HTTP client for the Bitwarden/Vaultwarden API.

func NewClient

func NewClient(baseURL string, logger *slog.Logger) *Client

NewClient creates a new API client for the given server URL.

func (*Client) AcceptEmergencyAccess

func (c *Client) AcceptEmergencyAccess(id string, req *EmergencyAccessAcceptRequest) error

AcceptEmergencyAccess accepts an emergency access invitation.

func (*Client) AcceptOrgInvite

func (c *Client) AcceptOrgInvite(orgID, orgUserID string, req *AcceptOrgInviteRequest) error

AcceptOrgInvite accepts an organization invite.

func (*Client) AccessSend

func (c *Client) AccessSend(accessID string, req *SendAccessRequest) (*SendAccessResponse, error)

AccessSend accesses a Send by its access ID (recipient side).

func (*Client) ApproveEmergencyAccess

func (c *Client) ApproveEmergencyAccess(id string) error

ApproveEmergencyAccess approves an emergency access request (grantor).

func (*Client) BaseURL

func (c *Client) BaseURL() string

BaseURL returns the configured base URL.

func (*Client) BulkConfirmOrgMembers

func (c *Client) BulkConfirmOrgMembers(orgID string, req *BulkConfirmRequest) error

BulkConfirmOrgMembers confirms multiple org members at once.

func (*Client) ChangeEmail

func (c *Client) ChangeEmail(req *ChangeEmailRequest) error

ChangeEmail changes the account email address.

func (*Client) ChangePassword

func (c *Client) ChangePassword(req *ChangePasswordRequest) error

ChangePassword changes the master password and updates the re-encrypted symmetric key.

func (*Client) ConfirmEmergencyAccess

func (c *Client) ConfirmEmergencyAccess(id string, req *EmergencyAccessConfirmRequest) error

ConfirmEmergencyAccess confirms an emergency access grantee (grantor sends RSA-encrypted key).

func (*Client) ConfirmOrgMember

func (c *Client) ConfirmOrgMember(orgID, memberID string, req *ConfirmMemberRequest) error

ConfirmOrgMember confirms a pending organization member.

func (*Client) CreateCipher

func (c *Client) CreateCipher(data map[string]any) (map[string]any, error)

CreateCipher creates a new cipher.

func (*Client) CreateCollection

func (c *Client) CreateCollection(orgID string, req *CreateCollectionRequest) (*CollectionResponse, error)

CreateCollection creates a new collection in an organization.

func (*Client) CreateFileSend

func (c *Client) CreateFileSend(req *SendRequest) (*SendResponse, error)

CreateFileSend creates the metadata for a new file Send.

func (*Client) CreateFolder

func (c *Client) CreateFolder(req *FolderRequest) (*FolderResponse, error)

CreateFolder creates a new folder.

func (*Client) CreateGroup

func (c *Client) CreateGroup(orgID string, req *GroupRequest) (*GroupResponse, error)

CreateGroup creates a new group.

func (*Client) CreateOrganization

func (c *Client) CreateOrganization(req *CreateOrgRequest) (*OrgResponse, error)

CreateOrganization creates a new organization.

func (*Client) CreateSend

func (c *Client) CreateSend(req *SendRequest) (*SendResponse, error)

CreateSend creates a new text Send.

func (*Client) DeleteCipher

func (c *Client) DeleteCipher(id string) error

DeleteCipher deletes a cipher by ID.

func (*Client) DeleteCollection

func (c *Client) DeleteCollection(orgID, collectionID string) error

DeleteCollection deletes a collection from an organization.

func (*Client) DeleteEmergencyAccess

func (c *Client) DeleteEmergencyAccess(id string) error

DeleteEmergencyAccess revokes/deletes an emergency access grant.

func (*Client) DeleteFolder

func (c *Client) DeleteFolder(id string) error

DeleteFolder deletes a folder by ID.

func (*Client) DeleteGroup

func (c *Client) DeleteGroup(orgID, groupID string) error

DeleteGroup deletes a group.

func (*Client) DeleteOrganization

func (c *Client) DeleteOrganization(orgID string, req *DeleteOrgRequest) error

func (*Client) DeleteSend

func (c *Client) DeleteSend(id string) error

DeleteSend deletes a Send.

func (*Client) EditOrgMember

func (c *Client) EditOrgMember(orgID, memberID string, req *EditMemberRequest) error

EditOrgMember updates an organization member's role and permissions.

func (*Client) GetAPIKey

func (c *Client) GetAPIKey(masterPasswordHash string) (string, error)

GetAPIKey returns the API key for the account.

func (*Client) GetCipher

func (c *Client) GetCipher(id string) (map[string]any, error)

GetCipher returns a single cipher by ID.

func (*Client) GetCiphers

func (c *Client) GetCiphers() ([]map[string]any, error)

GetCiphers returns all ciphers from the vault.

func (*Client) GetCollectionUsers

func (c *Client) GetCollectionUsers(orgID, collectionID string) ([]CollectionUserAccess, error)

GetCollectionUsers returns the users with access to a collection.

func (*Client) GetEmergencyAccess

func (c *Client) GetEmergencyAccess(id string) (*EmergencyAccessResponse, error)

GetEmergencyAccess returns details of a single emergency access grant.

func (*Client) GetOrgAPIKey

func (c *Client) GetOrgAPIKey(orgID, masterPasswordHash string) (string, string, error)

GetOrgAPIKey retrieves the organization's API key. This uses the regular authenticated API (not the public API), so the caller must be logged in as an org owner.

func (*Client) GetOrgCiphers

func (c *Client) GetOrgCiphers(orgID string) ([]map[string]any, error)

GetOrgCiphers returns all organization ciphers.

func (*Client) GetOrgMemberPublicKeys

func (c *Client) GetOrgMemberPublicKeys(orgID string, memberIDs []string) ([]PublicKeyResponse, error)

GetOrgMemberPublicKeys returns the public keys of org members.

func (*Client) GetOrganization

func (c *Client) GetOrganization(orgID string) (*OrgResponse, error)

GetOrganization returns organization details.

func (*Client) GetSend

func (c *Client) GetSend(id string) (*SendResponse, error)

GetSend returns a single Send by ID.

func (*Client) GetTokens

func (c *Client) GetTokens() (accessToken, refreshToken string)

GetTokens returns the current access and refresh tokens.

func (*Client) GetUserPublicKey

func (c *Client) GetUserPublicKey(userID string) (string, error)

GetUserPublicKey retrieves the public key of another user.

func (*Client) InitiateEmergencyAccess

func (c *Client) InitiateEmergencyAccess(id string) error

InitiateEmergencyAccess starts the emergency access countdown (grantee).

func (*Client) InviteEmergencyAccess

func (c *Client) InviteEmergencyAccess(req *EmergencyAccessInviteRequest) error

InviteEmergencyAccess invites a new emergency contact.

func (*Client) InviteToOrganization

func (c *Client) InviteToOrganization(orgID string, req *InviteRequest) error

InviteToOrganization invites users to an organization.

func (*Client) ListCollections

func (c *Client) ListCollections(orgID string) ([]CollectionResponse, error)

ListCollections returns all collections for an organization.

func (*Client) ListFolders

func (c *Client) ListFolders() ([]FolderResponse, error)

ListFolders returns all folders for the authenticated user.

func (*Client) ListGrantedEmergencyAccess

func (c *Client) ListGrantedEmergencyAccess() ([]EmergencyAccessResponse, error)

ListGrantedEmergencyAccess returns emergency access grantors (grantee view).

func (*Client) ListGroupMembers

func (c *Client) ListGroupMembers(orgID, groupID string) ([]string, error)

ListGroupMembers returns the membership IDs of users in a group.

func (*Client) ListGroups

func (c *Client) ListGroups(orgID string) ([]GroupResponse, error)

ListGroups returns all groups for an organization.

func (*Client) ListOrgMembers

func (c *Client) ListOrgMembers(orgID string) ([]OrgMember, error)

ListOrgMembers returns all members of an organization.

func (*Client) ListSends

func (c *Client) ListSends() ([]SendResponse, error)

ListSends returns all sends for the current user.

func (*Client) ListTrustedEmergencyAccess

func (c *Client) ListTrustedEmergencyAccess() ([]EmergencyAccessResponse, error)

ListTrustedEmergencyAccess returns emergency access grantees (grantor view).

func (*Client) Login

func (c *Client) Login(email, passwordHash, deviceIdentifier string) (*LoginResponse, error)

Login authenticates with the server using email and master password hash.

func (*Client) LoginWithAPIKey

func (c *Client) LoginWithAPIKey(clientID, clientSecret, deviceIdentifier string) (*LoginResponse, error)

LoginWithAPIKey authenticates with the server using a client ID and secret.

func (*Client) Prelogin

func (c *Client) Prelogin(email string) (*PreloginResponse, error)

Prelogin fetches the KDF parameters for the given email address.

func (*Client) RefreshAccessToken

func (c *Client) RefreshAccessToken() error

RefreshAccessToken refreshes the access token using the refresh token.

func (*Client) Register

func (c *Client) Register(req *RegisterRequest) error

Register creates a new account.

func (*Client) ReinviteEmergencyAccess

func (c *Client) ReinviteEmergencyAccess(id string) error

ReinviteEmergencyAccess resends the invitation.

func (*Client) RejectEmergencyAccess

func (c *Client) RejectEmergencyAccess(id string) error

RejectEmergencyAccess rejects an emergency access request (grantor).

func (*Client) RemoveGroupMember

func (c *Client) RemoveGroupMember(orgID, groupID, memberID string) error

RemoveGroupMember removes a single member from a group.

func (*Client) RemoveOrgMember

func (c *Client) RemoveOrgMember(orgID, memberID string) error

RemoveOrgMember removes a member from an organization.

func (*Client) RemoveSendPassword

func (c *Client) RemoveSendPassword(id string) error

RemoveSendPassword removes the password from a Send.

func (*Client) RequestEmailChange

func (c *Client) RequestEmailChange(req *RequestEmailChangeRequest) error

RequestEmailChange initiates an email change by requesting a verification token.

func (*Client) RotateKey

func (c *Client) RotateKey(req *RotateKeyRequest) error

RotateKey rotates the account encryption key.

func (*Client) SetEmergencyAccessPassword

func (c *Client) SetEmergencyAccessPassword(id string, req *EmergencyAccessPasswordRequest) error

SetEmergencyAccessPassword sets a new master password on the grantor account (takeover).

func (*Client) SetGroupMembers

func (c *Client) SetGroupMembers(orgID, groupID string, memberIDs []string) error

SetGroupMembers replaces the full set of members in a group.

func (*Client) SetInsecureSkipVerify

func (c *Client) SetInsecureSkipVerify(skip bool)

SetInsecureSkipVerify configures TLS for the client. It always enforces TLS 1.2 as minimum and optionally disables certificate verification.

func (*Client) SetReauthFunc

func (c *Client) SetReauthFunc(fn func() error)

SetReauthFunc sets a callback that the client will invoke when an API call receives an HTTP 401 Unauthorized response. The callback should attempt to re-authenticate (e.g. via refresh token or full re-login) so that the request can be retried with a valid access token.
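An added sketch of the retry pattern this callback describes, not the package's own implementation: on a 401 the callback runs, the request is retried exactly once, and a second 401 is returned as an error instead of looping. The retryClient type, its methods, the token values and the httptest server are all constructed for illustration.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"sync"
	"sync/atomic"
)

// retryClient is a hypothetical stand-in for the documented Client;
// only the 401 handling is modelled.
type retryClient struct {
	mu     sync.Mutex
	token  string
	reauth func() error
	http   *http.Client
}

func (c *retryClient) setReauthFunc(fn func() error) { c.reauth = fn }

func (c *retryClient) setToken(t string) {
	c.mu.Lock()
	c.token = t
	c.mu.Unlock()
}

// send issues one GET with the current bearer token.
func (c *retryClient) send(url string) (*http.Response, error) {
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return nil, err
	}
	c.mu.Lock()
	req.Header.Set("Authorization", "Bearer "+c.token)
	c.mu.Unlock()
	return c.http.Do(req)
}

// get retries once after a 401 if a re-authentication callback is set.
func (c *retryClient) get(url string) (string, error) {
	resp, err := c.send(url)
	if err != nil {
		return "", err
	}
	if resp.StatusCode == http.StatusUnauthorized && c.reauth != nil {
		resp.Body.Close() // discard the rejected response
		if err := c.reauth(); err != nil {
			return "", fmt.Errorf("re-authentication failed: %w", err)
		}
		// Retry exactly once; a second 401 falls through to the error below.
		if resp, err = c.send(url); err != nil {
			return "", err
		}
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}
	if resp.StatusCode/100 != 2 {
		return "", fmt.Errorf("status %d: %s", resp.StatusCode, body)
	}
	return string(body), nil
}

type outcome struct {
	body     string
	err      error
	requests int // requests the server received
	reauths  int // times the callback ran
}

// runScenario starts with a stale token; the callback installs tokenAfterReauth.
// The constructed server accepts only the token "fresh".
func runScenario(tokenAfterReauth string) outcome {
	var requests int32
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		atomic.AddInt32(&requests, 1)
		if r.Header.Get("Authorization") != "Bearer fresh" {
			http.Error(w, "token expired", http.StatusUnauthorized)
			return
		}
		fmt.Fprint(w, "vault data")
	}))
	defer srv.Close()

	c := &retryClient{token: "stale", http: srv.Client()}
	reauths := 0
	c.setReauthFunc(func() error {
		reauths++
		c.setToken(tokenAfterReauth)
		return nil
	})
	body, err := c.get(srv.URL)
	return outcome{body: body, err: err, requests: int(atomic.LoadInt32(&requests)), reauths: reauths}
}

func main() {
	fmt.Printf("%+v\n", runScenario("fresh"))
	fmt.Printf("%+v\n", runScenario("still-bad"))
}
```
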

func (*Client) SetTokens

func (c *Client) SetTokens(accessToken, refreshToken string)

SetTokens sets the access and refresh tokens after login.

func (*Client) Sync

func (c *Client) Sync() (*SyncResponse, error)

Sync performs a full vault sync, returning all profile data, ciphers, folders, collections, and sends.

func (*Client) TakeoverEmergencyAccess

func (c *Client) TakeoverEmergencyAccess(id string) (*EmergencyAccessTakeoverResponse, error)

TakeoverEmergencyAccess gets the takeover data (KDF params + encrypted key).

func (*Client) UpdateCipher

func (c *Client) UpdateCipher(id string, data map[string]any) (map[string]any, error)

UpdateCipher updates an existing cipher.

func (*Client) UpdateCollection

func (c *Client) UpdateCollection(orgID, collectionID string, req *CreateCollectionRequest) (*CollectionResponse, error)

UpdateCollection updates an existing collection.

func (*Client) UpdateEmergencyAccess

func (c *Client) UpdateEmergencyAccess(id string, req *UpdateEmergencyAccessRequest) error

UpdateEmergencyAccess updates an emergency access grant.

func (*Client) UpdateFolder

func (c *Client) UpdateFolder(id string, req *FolderRequest) (*FolderResponse, error)

UpdateFolder updates a folder's name.

func (*Client) UpdateGroup

func (c *Client) UpdateGroup(orgID, groupID string, req *GroupRequest) (*GroupResponse, error)

UpdateGroup updates an existing group.

func (*Client) UpdateProfile

func (c *Client) UpdateProfile(req *UpdateProfileRequest) error

UpdateProfile updates the account profile (name, hint).

func (*Client) UpdateSend

func (c *Client) UpdateSend(id string, req *SendRequest) (*SendResponse, error)

UpdateSend updates an existing Send.

func (*Client) UploadSendFile

func (c *Client) UploadSendFile(sendID string, fileID string, fileName string, data []byte) (*SendResponse, error)

UploadSendFile uploads the actual encrypted file data for a Send.

func (*Client) VerifyEmail

func (c *Client) VerifyEmail() error

VerifyEmail requests a new verification email.

func (*Client) VerifyEmailToken

func (c *Client) VerifyEmailToken(userID, token string) error

VerifyEmailToken sends the verification token to the server.

func (*Client) ViewEmergencyAccess

func (c *Client) ViewEmergencyAccess(id string) (*EmergencyAccessViewResponse, error)

ViewEmergencyAccess retrieves the grantor's vault ciphers (grantee, after approval).

type CollectionGroupAccess

type CollectionGroupAccess struct {
	ID            string `json:"id"`
	ReadOnly      bool   `json:"readOnly"`
	HidePasswords bool   `json:"hidePasswords"`
	Manage        bool   `json:"manage"`
}

CollectionGroupAccess specifies group access to a collection.

type CollectionResponse

type CollectionResponse struct {
	ID             string `json:"id"`
	OrganizationID string `json:"organizationId"`
	Name           string `json:"name"`
	ExternalID     string `json:"externalId,omitempty"`
}

CollectionResponse represents a collection returned by the API.

type CollectionSelection

type CollectionSelection struct {
	ID            string `json:"id"`
	ReadOnly      bool   `json:"readOnly"`
	HidePasswords bool   `json:"hidePasswords"`
	Manage        bool   `json:"manage"`
}

CollectionSelection specifies access for a collection.

type CollectionUserAccess

type CollectionUserAccess struct {
	ID            string `json:"id"`
	ReadOnly      bool   `json:"readOnly"`
	HidePasswords bool   `json:"hidePasswords"`
	Manage        bool   `json:"manage"`
}

CollectionUserAccess specifies user access to a collection.

type ConfirmMemberRequest

type ConfirmMemberRequest struct {
	Key string `json:"key"`
}

ConfirmMemberRequest is the request to confirm an org member.

type CreateCollectionRequest

type CreateCollectionRequest struct {
	Name       string                  `json:"name"`
	ExternalID string                  `json:"externalId,omitempty"`
	Groups     []CollectionGroupAccess `json:"groups"`
	Users      []CollectionUserAccess  `json:"users"`
}

CreateCollectionRequest is the request body for creating a collection.

type CreateOrgRequest

type CreateOrgRequest struct {
	Name           string      `json:"name"`
	BillingEmail   string      `json:"billingEmail"`
	CollectionName string      `json:"collectionName"`
	Key            string      `json:"key"`
	Keys           *OrgKeyData `json:"keys,omitempty"`
	PlanType       int         `json:"planType"`
}

CreateOrgRequest is the request body for POST /api/organizations.

type DeleteOrgRequest

type DeleteOrgRequest struct {
	MasterPasswordHash string `json:"masterPasswordHash"`
}

DeleteOrgRequest is the request body for Client.DeleteOrganization.

type EditMemberRequest

type EditMemberRequest struct {
	Type        int                   `json:"type"`
	Collections []CollectionSelection `json:"collections"`
	Groups      []string              `json:"groups"`
	AccessAll   bool                  `json:"accessAll"`
}

EditMemberRequest is the request body for editing an org member.

type EmergencyAccessAcceptRequest

type EmergencyAccessAcceptRequest struct {
	Token string `json:"token"`
}

EmergencyAccessAcceptRequest is the request to accept an invitation.

type EmergencyAccessConfirmRequest

type EmergencyAccessConfirmRequest struct {
	Key string `json:"key"`
}

EmergencyAccessConfirmRequest is the request to confirm a grantee.

type EmergencyAccessInviteRequest

type EmergencyAccessInviteRequest struct {
	Email        string `json:"email"`
	Type         int    `json:"type"`
	WaitTimeDays int    `json:"waitTimeDays"`
}

EmergencyAccessInviteRequest is the request to invite an emergency contact.

type EmergencyAccessKeyUpdate

type EmergencyAccessKeyUpdate struct {
	ID  string `json:"id"`
	Key string `json:"key"`
}

EmergencyAccessKeyUpdate contains re-encrypted keys for emergency access.

type EmergencyAccessPasswordRequest

type EmergencyAccessPasswordRequest struct {
	NewMasterPasswordHash string `json:"newMasterPasswordHash"`
	Key                   string `json:"key"`
}

EmergencyAccessPasswordRequest is the request to set a new password on takeover.

type EmergencyAccessResponse

type EmergencyAccessResponse struct {
	ID           string `json:"id"`
	GrantorID    string `json:"grantorId"`
	GranteeID    string `json:"granteeId"`
	Email        string `json:"email"`
	Name         string `json:"name"`
	Type         int    `json:"type"`
	Status       int    `json:"status"`
	WaitTimeDays int    `json:"waitTimeDays"`
	KeyEncrypted string `json:"keyEncrypted"`
	CreationDate string `json:"creationDate"`
	RevisionDate string `json:"revisionDate"`
}

EmergencyAccessResponse represents an emergency access grant.

type EmergencyAccessTakeoverResponse

type EmergencyAccessTakeoverResponse struct {
	Kdf            int    `json:"kdf"`
	KdfIterations  int    `json:"kdfIterations"`
	KdfMemory      *int   `json:"kdfMemory"`
	KdfParallelism *int   `json:"kdfParallelism"`
	KeyEncrypted   string `json:"keyEncrypted"`
}

EmergencyAccessTakeoverResponse contains KDF params and encrypted key for takeover.

type EmergencyAccessViewResponse

type EmergencyAccessViewResponse struct {
	Ciphers      []map[string]any `json:"ciphers"`
	KeyEncrypted string           `json:"keyEncrypted"`
}

EmergencyAccessViewResponse is the response for viewing a grantor's vault.

type FolderRequest

type FolderRequest struct {
	Name string `json:"name"`
}

FolderRequest is the request body for creating or updating a folder.

type FolderResponse

type FolderResponse struct {
	ID           string `json:"id"`
	Name         string `json:"name"`
	RevisionDate string `json:"revisionDate"`
}

FolderResponse represents a folder returned by the API.

type GroupRequest

type GroupRequest struct {
	Name        string                `json:"name"`
	AccessAll   bool                  `json:"accessAll"`
	ExternalID  string                `json:"externalId,omitempty"`
	Collections []CollectionSelection `json:"collections"`
	Users       []string              `json:"users"`
}

GroupRequest is the body for creating/updating a group.

type GroupResponse

type GroupResponse struct {
	ID             string `json:"id"`
	OrganizationID string `json:"organizationId"`
	Name           string `json:"name"`
	AccessAll      bool   `json:"accessAll"`
	ExternalID     string `json:"externalId,omitempty"`
}

GroupResponse represents a group returned by the API.

type InviteRequest

type InviteRequest struct {
	Emails      []string              `json:"emails"`
	Type        int                   `json:"type"`
	Collections []CollectionSelection `json:"collections,omitempty"`
	AccessAll   bool                  `json:"accessAll"`
	Groups      []string              `json:"groups"`
}

InviteRequest is the request body for inviting members to an org.

type LoginResponse

type LoginResponse struct {
	AccessToken    string `json:"access_token"`
	RefreshToken   string `json:"refresh_token"`
	TokenType      string `json:"token_type"`
	ExpiresIn      int    `json:"expires_in"`
	Key            string `json:"Key"`
	PrivateKey     string `json:"PrivateKey"`
	Kdf            int    `json:"Kdf"`
	KdfIterations  int    `json:"KdfIterations"`
	KdfMemory      *int   `json:"KdfMemory"`
	KdfParallelism *int   `json:"KdfParallelism"`
}

LoginResponse contains the tokens and keys returned after authentication.

type OrgImportGroup

type OrgImportGroup struct {
	Name              string   `json:"name"`
	ExternalID        string   `json:"externalId"`
	MemberExternalIDs []string `json:"memberExternalIds"`
}

OrgImportGroup represents a group entry in the org import request.

type OrgImportMember

type OrgImportMember struct {
	Email      string `json:"email"`
	ExternalID string `json:"externalId"`
	Deleted    bool   `json:"deleted"`
}

OrgImportMember represents a member entry in the org import request.

type OrgImportRequest

type OrgImportRequest struct {
	Groups            []OrgImportGroup  `json:"groups"`
	Members           []OrgImportMember `json:"members"`
	OverwriteExisting bool              `json:"overwriteExisting"`
}

OrgImportRequest is the request body for POST /public/organization/import.

type OrgKeyData

type OrgKeyData struct {
	EncryptedPrivateKey string `json:"encryptedPrivateKey"`
	PublicKey           string `json:"publicKey"`
}

OrgKeyData holds the org RSA key pair.

type OrgMember

type OrgMember struct {
	ID     string `json:"id"`
	UserID string `json:"userId"`
	Email  string `json:"email"`
	Name   string `json:"name"`
	Type   int    `json:"type"`
	Status int    `json:"status"`
}

OrgMember represents an organization member.

type OrgResponse

type OrgResponse struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}

OrgResponse is the response for organization operations.

type PreloginRequest

type PreloginRequest struct {
	Email string `json:"email"`
}

PreloginRequest is the request body for POST /identity/accounts/prelogin.

type PreloginResponse

type PreloginResponse struct {
	Kdf            int  `json:"kdf"`
	KdfIterations  int  `json:"kdfIterations"`
	KdfMemory      *int `json:"kdfMemory"`
	KdfParallelism *int `json:"kdfParallelism"`
}

PreloginResponse contains the KDF parameters for a user.

type PublicClient

type PublicClient struct {
	// contains filtered or unexported fields
}

PublicClient is the HTTP client for the Bitwarden/Vaultwarden Public API. It authenticates via OAuth2 client credentials with scope api.organization.

func NewPublicClient

func NewPublicClient(baseURL string, logger *slog.Logger) *PublicClient

NewPublicClient creates a new Public API client for the given server URL.

func (*PublicClient) Import

func (p *PublicClient) Import(req *OrgImportRequest) error

Import performs a bulk organization import via POST /public/organization/import. This creates user accounts (if they don't exist), invites them into the organization, and optionally syncs groups.

func (*PublicClient) Login

func (p *PublicClient) Login(clientID, clientSecret string) error

Login authenticates with the Public API using organization client credentials. The clientID must be in the format "organization.<org_uuid>".

func (*PublicClient) SetInsecureSkipVerify

func (p *PublicClient) SetInsecureSkipVerify(skip bool)

SetInsecureSkipVerify configures TLS for the public API client. It always enforces TLS 1.2 as minimum and optionally disables certificate verification.

type PublicKeyResponse

type PublicKeyResponse struct {
	ID     string `json:"id"`
	UserID string `json:"userId"`
	Key    string `json:"key"`
}

PublicKeyResponse is a member's public key response.

type RegisterRequest

type RegisterRequest struct {
	Email              string       `json:"email"`
	MasterPasswordHash string       `json:"masterPasswordHash"`
	MasterPasswordHint string       `json:"masterPasswordHint,omitempty"`
	Key                string       `json:"key"`
	Keys               *UserKeyData `json:"keys,omitempty"`
	Kdf                int          `json:"kdf"`
	KdfIterations      int          `json:"kdfIterations"`
	KdfMemory          int          `json:"kdfMemory,omitempty"`
	KdfParallelism     int          `json:"kdfParallelism,omitempty"`
}

RegisterRequest is the request body for POST /api/accounts.

type RequestEmailChangeRequest

type RequestEmailChangeRequest struct {
	NewEmail           string `json:"newEmail"`
	MasterPasswordHash string `json:"masterPasswordHash"`
}

RequestEmailChangeRequest is the request body for POST /api/accounts/email-token.

type ResetPasswordKeyUpdate

type ResetPasswordKeyUpdate struct {
	OrganizationID string `json:"organizationId"`
	Key            string `json:"resetPasswordKey"`
}

ResetPasswordKeyUpdate contains re-encrypted keys for org password reset.

type RotateKeyRequest

type RotateKeyRequest struct {
	MasterPasswordHash  string                     `json:"masterPasswordHash"`
	Key                 string                     `json:"key"`
	PrivateKey          string                     `json:"privateKey"`
	Ciphers             []map[string]any           `json:"ciphers"`
	Folders             []map[string]any           `json:"folders,omitempty"`
	Sends               []map[string]any           `json:"sends,omitempty"`
	EmergencyAccessKeys []EmergencyAccessKeyUpdate `json:"emergencyAccessKeys,omitempty"`
	ResetPasswordKeys   []ResetPasswordKeyUpdate   `json:"resetPasswordKeys,omitempty"`
}

RotateKeyRequest is the request body for POST /api/accounts/key.

type SendAccessRequest

type SendAccessRequest struct {
	Password *string `json:"password,omitempty"`
}

SendAccessRequest is the request to access a Send.

type SendAccessResponse

type SendAccessResponse struct {
	ID   string         `json:"id"`
	Type int            `json:"type"`
	Name string         `json:"name"`
	Text *SendTextData  `json:"text"`
	File map[string]any `json:"file"`
	Key  string         `json:"key"`
}

SendAccessResponse is the response when accessing a Send.

type SendRequest

type SendRequest struct {
	Type           int            `json:"type"`
	Key            string         `json:"key"`
	Password       *string        `json:"password,omitempty"`
	MaxAccessCount *int           `json:"maxAccessCount,omitempty"`
	ExpirationDate *string        `json:"expirationDate,omitempty"`
	DeletionDate   string         `json:"deletionDate"`
	Disabled       bool           `json:"disabled"`
	HideEmail      *bool          `json:"hideEmail,omitempty"`
	Name           string         `json:"name"`
	Notes          *string        `json:"notes,omitempty"`
	Text           *SendTextData  `json:"text,omitempty"`
	File           map[string]any `json:"file,omitempty"`
	FileLength     *int           `json:"fileLength,omitempty"`
}

SendRequest is the request body for creating or updating a Send.

type SendResponse

type SendResponse struct {
	ID             string         `json:"id"`
	AccessID       string         `json:"accessId"`
	Type           int            `json:"type"`
	Name           string         `json:"name"`
	Notes          *string        `json:"notes"`
	Key            string         `json:"key"`
	MaxAccessCount *int           `json:"maxAccessCount"`
	AccessCount    int            `json:"accessCount"`
	Password       *string        `json:"password"`
	Disabled       bool           `json:"disabled"`
	HideEmail      *bool          `json:"hideEmail"`
	ExpirationDate *string        `json:"expirationDate"`
	DeletionDate   string         `json:"deletionDate"`
	RevisionDate   string         `json:"revisionDate"`
	Text           *SendTextData  `json:"text"`
	File           map[string]any `json:"file"`
}

SendResponse is the response from Send endpoints.

type SendTextData

type SendTextData struct {
	Text   string `json:"text"`
	Hidden bool   `json:"hidden"`
}

SendTextData holds the text content of a text Send.

type SyncFolder

type SyncFolder struct {
	ID           string `json:"id"`
	Name         string `json:"name"`
	RevisionDate string `json:"revisionDate"`
}

SyncFolder is a folder entry in a sync response.

type SyncOrg

type SyncOrg struct {
	ID   string `json:"id"`
	Name string `json:"name"`
	Key  string `json:"key"`
}

SyncOrg is an organization entry in the sync profile.

type SyncProfile

type SyncProfile struct {
	ID            string    `json:"id"`
	Name          string    `json:"name"`
	Email         string    `json:"email"`
	EmailVerified bool      `json:"emailVerified"`
	Premium       bool      `json:"premium"`
	Key           string    `json:"key"`
	PrivateKey    string    `json:"privateKey"`
	SecurityStamp string    `json:"securityStamp"`
	Organizations []SyncOrg `json:"organizations"`
}

SyncProfile contains profile information from a sync response.

type SyncResponse

type SyncResponse struct {
	Profile     SyncProfile      `json:"profile"`
	Ciphers     []map[string]any `json:"ciphers"`
	Folders     []SyncFolder     `json:"folders"`
	Collections []map[string]any `json:"collections"`
	Sends       []map[string]any `json:"sends"`
}

SyncResponse contains all data returned by a full vault sync.
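A pre-flight check that ties RotateKeyRequest to SyncResponse, as an added example that is not part of this package: before posting a rotation to /api/accounts/key, it compares the request against the last full sync and reports every cipher, folder or Send the request does not carry, so nothing is left out of the rotation. The types are trimmed stand-ins for the ones documented here; the function names and the "id" and "organizationId" map keys are assumptions.

```go
package main

import "fmt"

// Trimmed stand-ins for the page's types: only the fields this check reads.
type SyncFolder struct{ ID string }
type SyncResponse struct {
	Ciphers, Sends []map[string]any
	Folders        []SyncFolder
}
type RotateKeyRequest struct{ Ciphers, Folders, Sends []map[string]any }

// missing returns kind-prefixed ids in want but not in have, matched on "id" (assumed key).
func missing(kind string, want, have []map[string]any) []string {
	seen := make(map[string]bool, len(have))
	for _, it := range have {
		if id, ok := it["id"].(string); ok {
			seen[id] = true
		}
	}
	var out []string
	for _, it := range want {
		// Assumption: organization-owned items are not under the user key.
		if org, _ := it["organizationId"].(string); org != "" {
			continue
		}
		if id, _ := it["id"].(string); !seen[id] {
			out = append(out, kind+":"+id)
		}
	}
	return out
}

// MissingFromRotation lists synced items the rotation request does not carry.
func MissingFromRotation(s SyncResponse, r RotateKeyRequest) []string {
	folders := make([]map[string]any, 0, len(s.Folders))
	for _, f := range s.Folders {
		folders = append(folders, map[string]any{"id": f.ID})
	}
	out := missing("cipher", s.Ciphers, r.Ciphers)
	out = append(out, missing("folder", folders, r.Folders)...)
	return append(out, missing("send", s.Sends, r.Sends)...)
}

func main() {
	// Constructed sample: the rotation request carries the cipher but forgets folder f1.
	s := SyncResponse{Ciphers: []map[string]any{{"id": "c1"}}, Folders: []SyncFolder{{ID: "f1"}}}
	fmt.Println(MissingFromRotation(s, RotateKeyRequest{Ciphers: s.Ciphers}))
}
```

A synced item without a string "id" is reported with an empty id rather than skipped, so a malformed entry blocks the rotation instead of passing silently.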

type UpdateEmergencyAccessRequest

type UpdateEmergencyAccessRequest struct {
	Type         int `json:"type"`
	WaitTimeDays int `json:"waitTimeDays"`
}

UpdateEmergencyAccessRequest is the request to update emergency access settings.

type UpdateProfileRequest

type UpdateProfileRequest struct {
	Name               string `json:"name"`
	MasterPasswordHint string `json:"masterPasswordHint"`
}

UpdateProfileRequest is the request body for PUT /api/accounts/profile.

type UserKeyData

type UserKeyData struct {
	EncryptedPrivateKey string `json:"encryptedPrivateKey"`
	PublicKey           string `json:"publicKey"`
}

UserKeyData holds the user RSA key pair.
