The REST API provides create, update, get, and delete operations on platform management resources. The resources are grouped in the following categories:

  • Agents and Gateways
  • Alerts
  • Automation
  • Exports
  • Integrations
  • Knowledge Base
  • Metrics
  • Monitoring
  • Patching
  • Resource Management
  • Tenancy and Access Controls
  • Tickets

View a summary of resource endpoints and operations in the next section.

The following topics describe basic REST API capabilities.


The API supports OAuth 2.0 authentication. All API requests require authentication.

To authenticate API requests you need to provide an ID and authentication token with the request. When you set up a custom integration, providing your credentials and specifying ‘OAUTH2’ authentication, you receive:

  • tenant ID
  • key
  • secret

Use the key and secret values in the /auth/oauth/token API request to get the authentication token for subsequent API requests. The response provides the authentication token in the access_token field and the time interval for which the token is valid, in seconds, in the expires-in field.

Use the authentication token and tenant ID to authenticate subsequent API requests, passing the authentication token in the request header:

"Authorization: Bearer {authenticationToken}"

Where required, pass the tenant ID as a path parameter.

Base URL

The API fully supports domain-specific partner and client URLs.


Custom brand partners use a base URL that has the following format:


The {partnerName} part of the URL is a path parameter, which is replaced by the partner domain name. For example, the base URL for partner Alpha is:

All other partners use the following base URL:


The base URL for a client who uses custom branding while the partner does not use custom branding is:

Clients and partners who both use custom branding use the client URL, which has the following format:


For example, if both partner Alpha and client Acme are private-labeled, the base URL is

URL path parameters

The API documentation indicates variable URL path parameters using brackets: {pathParameter}. This permits operations on specific resources. For example, a tenant ID path parameter is represented as {tenantID}. When making an API request that requires a tenant ID to be specified, replace {tenantID} with the actual tenant ID.


API versioning ensures application and service compatibility. All API requests include an API version specification.

The API version identifier is appended to the base URL. For example, API version v2 has the following URL format:

HTTP request header

Use the following request header fields to provide data format and authentication information:

AuthorizationBearer {accessToken} or Basic base64_encode(loginName:password)

HTTP response header

the HTTP response header includes rate limit information for adjusting the API request frequency to accommodate performance and service changes.

HTTP HeaderDescriptionExample
X-RateLimit-LimitMaximum number of requests per minute.X-RateLimit-Limit: 500
X-RateLimit-RemainingNumber of requests remaining in the current rate limit window.X-RateLimit-Remaining: 14
X-RateLimit-ResetThe time the current rate limit window resets, in UTC epoch seconds.X-RateLimit-Reset: 1491397260

HTTP methods

The API supports the following methods:

DELETERemove a resource.
GETGet resource data.
POSTModify or update a resource.
PUTCreate or overwrite a resource.

Data encoding

The API supports JSON data encoding of request and response data.

Specify JSON encoding in the HTTP header Content-Type and Accept fields.

HTTP status codes

These status codes are returned by the APIs:

200SuccessRequest succeeded.
400Bad RequestUnable to authenticate.
401UnauthorizedSystem or user is not authorized to use the API.
404Not foundResource was not found.
405Method not allowedHTTP method is not allowed for the resource or not supported by any resource.
407Proxy Authentication RequiredToken expired.
410GoneTenant is unavailable or deactivated.
429Too Many RequestsRequest exceeds the rate limit.
500Internal Server ErrorUnexpected condition preventing the server from completing the request.

Rate limit

The rate limit specifies the number of requests an API server accepts within a time interval to ensure quality of service. If the number of API requests exceeds the rate limit, requests are throttled. The request rate is expressed in requests-per-minute.

Using the rate limit information returned in the response headers permits applications to self-regulate API requests.

The following rate limits apply to each service provider, partner, and client, according to resource category.

API CategoryGET (non-paginated)GET (paginated)POST/DELETE/PUT
Other APIs5005050

A request that is rejected because it exceeds the rate limit returns a HTTP 429 Too Many Requests status code with the following error information in the response body:

    "error" : "throttled",
    "error_description" : "Too Many Requests"

Additional rate limit errors received within one minute of the first error are not processed.