Kinda of a broad question here, so thank you for your attention.
Following how Vault implements the database secret engine, where you can define the creation and revocation statements for dynamic credentials: is it possible (or is there any available engine) that would allow the same process but using REST API requests?
For example, I have a custom web external application that supports managing users (create, delete, change), passwords and group memberships via its own REST API endpoints. It would be great if Vault would be able to be configured to manage it.
You define the creation and revocation statements in the role. Check out:
On doing this via the API - totally - everything in Vault is based on the API, in the case of new or beta functionality that might only start with the API.
Vault supports three types of plugins; auth methods, secret engines, and database plugins.
There is no generic HTTP secrets engine that can connect to an external API, you would need to build a custom Vault plugin. The only knowledge necessary to write a plugin is basic command-line skills and basic knowledge of the Go programming language.
You can follow this tutorial to learn how to build a custom secrets engine to rotate/manage your own tokens, passwords, and more with Vault and your custom API.