REST API for Intel(R) Endpoint Management Assistant V5 (v5)

Download OpenAPI specification:Download

This API uses the OAuth2 Resource Owner Password Credentials flow with token path: base URL + /api/token

802.1XSetups

Gets a collection of 802.1X Setups

Role required: Tenant Administrator, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

200

Content type

[{"SetupId": 0,
"SetupName": "string",
"TenantId": "string"
}
]

Creates an 802.1X Setup to be used by WifiSetup and Wired802.1X in AMT Profiles.

Role required: Tenant Administrator

Setup properties:

TenantId: This field is not required for this operation. If provided, it will be ignored.

PSK: This value, if provided, must be an OctetString (convertible to a byte array).

ProtectedAccessCredential: This value, if provided, must be an OctetString (convertible to a byte array).

AuthenticationProtocol: Currently, only the 0=EAP_TLS option is fully supported.

ClientAuthenticationSettings.DesignatedSubjectCN: The default value for this property is 4=UserPrincipalName. This is the Subject set in the client certificate and the user name required by the Network Policy Server (NPS), which is the RADIUS implementation by Microsoft.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

TenantId	string <uuid>
SetupId	integer <int32>
SetupName required	string
required	object (IEEE8021x_Settings)

Responses

Request samples

Payload

Content type

{"TenantId": "00000000-0000-0000-0000-000000000000",
"SetupId": 0,
"SetupName": "string",
"Data": {"Enabled": "enabled",
"PSK": "string",
"ProtectedAccessCredential": "string",
"Domain": "string",
"Username": "string",
"ServerCertificateNameComparisonOption": "other",
"ServerCertificateName": "string",
"UseRoamingIdentity": true,
"RoamingIdentity": "string",
"AuthenticationProtocol": "eAP_TLS",
"PXETimeoutInSeconds": 86400,
"AvailableInS0": true,
"ADIntegrationSettings": {"OrganizationUnit": "string",
"SecurityGroups": ["string"
]
},
"ClientAuthenticationSettings": {"ClientCertificateSettings": {"Source": "none",
"Thumbprint": "string",
"CAName": "string",
"Template": "string"
},
"CommonNamesOption": "default",
"CommonNames": ["dNSFQDN"
],
"DesignatedSubjectCN": "dNSFQDN"
},
"RootCertificateSettings": {"Source": "none",
"Thumbprint": "string",
"CAName": "string"
}
}
}

Response samples

200

Content type

{"TenantId": "00000000-0000-0000-0000-000000000000",
"SetupId": 0,
"SetupName": "string",
"Data": {"Enabled": "enabled",
"PSK": "string",
"ProtectedAccessCredential": "string",
"Domain": "string",
"Username": "string",
"ServerCertificateNameComparisonOption": "other",
"ServerCertificateName": "string",
"UseRoamingIdentity": true,
"RoamingIdentity": "string",
"AuthenticationProtocol": "eAP_TLS",
"PXETimeoutInSeconds": 86400,
"AvailableInS0": true,
"ADIntegrationSettings": {"OrganizationUnit": "string",
"SecurityGroups": ["string"
]
},
"ClientAuthenticationSettings": {"ClientCertificateSettings": {"Source": "none",
"Thumbprint": "string",
"CAName": "string",
"Template": "string"
},
"CommonNamesOption": "default",
"CommonNames": ["dNSFQDN"
],
"DesignatedSubjectCN": "dNSFQDN"
},
"RootCertificateSettings": {"Source": "none",
"Thumbprint": "string",
"CAName": "string"
}
}
}

Gets an 802.1X Setup by ID.

Role required: Tenant Administrator, Endpoint Group Creator, or Endpoint Group User

path Parameters

_802_1XSetupId

required

integer <int32>

802.1X Setup ID

Responses

Response samples

200

Content type

{"TenantId": "00000000-0000-0000-0000-000000000000",
"SetupId": 0,
"SetupName": "string",
"Data": {"Enabled": "enabled",
"PSK": "string",
"ProtectedAccessCredential": "string",
"Domain": "string",
"Username": "string",
"ServerCertificateNameComparisonOption": "other",
"ServerCertificateName": "string",
"UseRoamingIdentity": true,
"RoamingIdentity": "string",
"AuthenticationProtocol": "eAP_TLS",
"PXETimeoutInSeconds": 86400,
"AvailableInS0": true,
"ADIntegrationSettings": {"OrganizationUnit": "string",
"SecurityGroups": ["string"
]
},
"ClientAuthenticationSettings": {"ClientCertificateSettings": {"Source": "none",
"Thumbprint": "string",
"CAName": "string",
"Template": "string"
},
"CommonNamesOption": "default",
"CommonNames": ["dNSFQDN"
],
"DesignatedSubjectCN": "dNSFQDN"
},
"RootCertificateSettings": {"Source": "none",
"Thumbprint": "string",
"CAName": "string"
}
}
}

Updates an 802.1X Setup by ID.

Role required: Tenant Administrator

Setup properties:

TenantId: This field is not required for this operation. If provided, it will be ignored.

PSK: This value, if provided, must be an OctetString (convertible to a byte array).

ProtectedAccessCredential: This value, if provided, must be an OctetString (convertible to a byte array).

AuthenticationProtocol: Currently, only the 0=EAP_TLS option is fully supported.

ClientAuthenticationSettings.DesignatedSubjectCN: The default value for this property is 4=UserPrincipalName. This is the Subject set in the client certificate and the user name required by the Network Policy Server (NPS), which is the RADIUS implementation by Microsoft.

path Parameters

_802_1XSetupId

required

integer <int32>

802_1X Setup ID

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

802_1X Setup object to update

TenantId	string <uuid>
SetupId	integer <int32>
SetupName required	string
required	object (IEEE8021x_Settings)

Responses

Request samples

Payload

Content type

{"TenantId": "00000000-0000-0000-0000-000000000000",
"SetupId": 0,
"SetupName": "string",
"Data": {"Enabled": "enabled",
"PSK": "string",
"ProtectedAccessCredential": "string",
"Domain": "string",
"Username": "string",
"ServerCertificateNameComparisonOption": "other",
"ServerCertificateName": "string",
"UseRoamingIdentity": true,
"RoamingIdentity": "string",
"AuthenticationProtocol": "eAP_TLS",
"PXETimeoutInSeconds": 86400,
"AvailableInS0": true,
"ADIntegrationSettings": {"OrganizationUnit": "string",
"SecurityGroups": ["string"
]
},
"ClientAuthenticationSettings": {"ClientCertificateSettings": {"Source": "none",
"Thumbprint": "string",
"CAName": "string",
"Template": "string"
},
"CommonNamesOption": "default",
"CommonNames": ["dNSFQDN"
],
"DesignatedSubjectCN": "dNSFQDN"
},
"RootCertificateSettings": {"Source": "none",
"Thumbprint": "string",
"CAName": "string"
}
}
}

Response samples

200

Content type

{"TenantId": "00000000-0000-0000-0000-000000000000",
"SetupId": 0,
"SetupName": "string",
"Data": {"Enabled": "enabled",
"PSK": "string",
"ProtectedAccessCredential": "string",
"Domain": "string",
"Username": "string",
"ServerCertificateNameComparisonOption": "other",
"ServerCertificateName": "string",
"UseRoamingIdentity": true,
"RoamingIdentity": "string",
"AuthenticationProtocol": "eAP_TLS",
"PXETimeoutInSeconds": 86400,
"AvailableInS0": true,
"ADIntegrationSettings": {"OrganizationUnit": "string",
"SecurityGroups": ["string"
]
},
"ClientAuthenticationSettings": {"ClientCertificateSettings": {"Source": "none",
"Thumbprint": "string",
"CAName": "string",
"Template": "string"
},
"CommonNamesOption": "default",
"CommonNames": ["dNSFQDN"
],
"DesignatedSubjectCN": "dNSFQDN"
},
"RootCertificateSettings": {"Source": "none",
"Thumbprint": "string",
"CAName": "string"
}
}
}

Deletes an 802.1X Setup by ID.

Role required: Tenant Administrator

path Parameters

_802_1XSetupId

required

integer <int32>

802.1X Setup ID

Responses

Gets a collection of Certificate Authorities found in the current Windows domain.

Role required: Tenant Administrator

Responses

Response samples

200

Content type

[{"CAFullName": "string",
"CertificateTemplates": ["string"
],
"IsRoot": true
}
]

AccessTokens

Gets a new Access Token.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User.

This method provides Users the means to obtain a new Access Token before their current one expires.

Responses

Response samples

200

Content type

{"access_token": "string",
"token_type": "string",
"expires_in": 0,
"userName": "string",
"issued": "string",
"expires": "string"
}

Gets a new Access Token using Windows Authentication credentials.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

This method will only grant an Access Token under the following conditions:

EMA must be installed with Windows Domain Authentication mode.
The EMA server must be joined to an Active Directory domain.
The caller must have an EMA account with a username that maps to a User Principal Name in Active Directory.

Responses

Response samples

200

Content type

{"access_token": "string",
"token_type": "string",
"expires_in": 0,
"userName": "string",
"issued": "string",
"expires": "string"
}

Gets a new Access Token using Windows username and password. The Windows username needs to be the User Principal Name (UPN) in Active Directory.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User. This method provides Users the means to obtain a new Access Token using Windows username and password. This method will only grant an Access Token under the following conditions:

EMA must be installed with Windows Domain Authentication mode.
The caller must have an EMA account with a username that maps to a User Principal Name in Active Directory.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

Upn required	string
Password required	string

Responses

Request samples

Payload

Content type

{"Upn": "string",
"Password": "string"
}

Response samples

200

Content type

{"access_token": "string",
"token_type": "string",
"expires_in": 0,
"userName": "string",
"issued": "string",
"expires": "string"
}

Method to delete expired or unused tokens

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

204

Content type

{ }

Gets CSRF token pair set in cookies.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User.

This method provides Users the means to get new CSRF token pair set in cookies.

Responses

Response samples

204

Content type

{ }

Agents

Gets the latest agent executable for Win32Console

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

200

Content type

{ }

Gets the latest agent installer for Win32Service

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

200

Content type

{ }

Gets the latest agent executable for Win64Console

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

200

Content type

{ }

Gets the latest agent installer for Win64Service

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

200

Content type

{ }

AjaxCookies

Gets an Ajax cookie.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

200

Content type

{"cookie": "string",
"expireTime": "2019-08-24T14:15:22Z"
}

AmtCredentials

Returns the Amt admin credentials or MEBx password, based on credential type defined in the query string, for a provisioned endpoint if its associated AmtSetup record is found in the database

Roles required: Tenant Administrator, Endpoint Group Creator or Endpoint Group User with execute right to the endpoint

When returning MEBx password, the username field in AMT credentials is always null

path Parameters

endpointId

required

string

Hex string with 64 characters and without the 0x prefix

query Parameters

credentialType

string

Can be 'mebx' or 'admin', it is a case sensitive string

Responses

Response samples

200

Content type

{"userName": "string",
"password": "string"
}

AmtProfiles

Gets a list of AMT Profile summaries.

Role required: Tenant Administrator, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

200

Content type

[{"AmtProfileId": 0,
"Name": "string",
"Description": "string",
"TenantId": "string"
}
]

Creates an AMT Profile.

Role required: Tenant Administrator or Endpoint Group Creator

The following defines the profile object's optional parameters and their default values. If no argument is provided for an optional parameter, then its default value is used.

TlsAuthType: 1 = TlsNoAuth. If this is set to NoTLS, you need to specify the CIRASettings.
PowerPackageSettings.PowerActiveOn: 1 = AlwaysOnInAc.
PowerPackageSettings.PowerStateIdleTimeoutInMinutes: 1.
ManagementInterfacesSettings.WebUIServiceEnabledState: 2 = Enabled.
ManagementInterfacesSettings.KVMInterfaceState: 2 = Enabled.
ManagementInterfacesSettings.UserConsentRequired: 4294967295 = All.
ManagementInterfacesSettings.SOLEnabled: true.
ManagementInterfacesSettings.IDEREnabled: true.
ManagementInterfacesSettings.RedirectionServiceState: SOLEnabled=true and [IDEREnabled=true: 32771(IderOnSolOn); IDEREnabled=false: 32770(IderOffSolOn)]; SOLEnabled=false and [IDEREnabled=true: 32769(IderOnSolOff); IDEREnabled=false: 32768(Disabled)].
FqdnSettings.FqdnSource: 0 = SharedWithHostOS.
IpSettings.DHCPEnabled: true.
IpSettings.SharedStaticIp: false.
IpSettings.Source: 0 = DHCP.
WiFiConnectionSettings.WiFiSetups: Empty collection (it is optional only if WiFiConnectionSettings.WiFiConnectionEnabledConfiguration=0)
Wired802_1XSettings: An object containing _802_1Setup_DBLookupKey=null.
CIRASettings (the whole object): null.
CIRASettings.CIRATunnel: false.
CIRASettings.EnvironmentDetectionDomainSuffix: Value to disable CIRA when the target system is in this network domain when CIRATunnel=true; Empty string when CIRATunnel=false.
CIRASettings.CIRAProxies (the whole object): Empty collection.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

AMT Profile object to create

Name required	string
Description required	string
TlsAuthType	string Enum: "noTLS" "tlsNoAuth" "tlsRemoteAuth" "tlsLocalAuth" "tlsAuth" An integer representing TLS Authentication Mode. Current supported modes are 'noTLS' (TLS disabled) and 'TlsNoAuth' (TLS enabled, no authentication mode)
required	object (Power)
required	object (ManagementInterfaces)
required	object (FQDNSettings)
required	object (IPSettings)
required	object (WiFiConnection)
	object (Wired802_1X)
	object (CIRASettings)

Responses

Request samples

Payload

Content type

{"Name": "string",
"Description": "string",
"TlsAuthType": "noTLS",
"PowerPackageSettings": {"PowerActiveOn": "onInS0",
"PowerStateIdleTimeoutInMinutes": 1
},
"ManagementInterfacesSettings": {"WebUIServiceEnabledState": "enabled",
"KVMInterfaceState": "enabled",
"UserConsentRequired": "none",
"UserConsentDisplayTimeout": 10,
"SOLEnabled": true,
"IDEREnabled": true,
"OneClickRecoveryEnabled": true,
"RemotePlatformEraseEnabled": true
},
"FqdnSettings": {"FqdnSource": "sharedWithHostOS"
},
"IpSettings": {"DHCPEnabled": true,
"SharedStaticIp": true,
"Source": "dHCP",
"IP": "string",
"SubnetMask": "string",
"DefaultGateway": "string",
"PrimaryDNS": "string",
"SecondaryDNS": "string"
},
"WiFiConnectionSettings": {"AMTHostWiFiSyncEnabled": "disabled",
"WiFiConnectionEnabledConfiguration": "noSetup",
"WiFiEnabledInPowerState": "s0Only",
"WiFiSetups": [0
]
},
"Wired802_1XSettings": {"_802_1Setup_DBLookupKey": 0
},
"CIRASettings": {"CIRATunnel": true,
"EnvironmentDetectionDomainSuffix": "string",
"CIRAProxies": [{"AccessInfo": "string",
"InfoFormat": "iPv4",
"Port": 0,
"DNSSuffix": "string"
}
]
}
}

Response samples

200

Content type

{"AmtProfileId": 0,
"TenantId": "string",
"Name": "string",
"Description": "string",
"TlsAuthType": "noTLS",
"PowerPackageSettings": {"PowerActiveOn": "onInS0",
"PowerStateIdleTimeoutInMinutes": 1
},
"ManagementInterfacesSettings": {"WebUIServiceEnabledState": "enabled",
"KVMInterfaceState": "enabled",
"UserConsentRequired": "none",
"UserConsentDisplayTimeout": 10,
"SOLEnabled": true,
"IDEREnabled": true,
"OneClickRecoveryEnabled": true,
"RemotePlatformEraseEnabled": true,
"RedirectionServiceState": "disabled"
},
"FqdnSettings": {"FqdnSource": "sharedWithHostOS"
},
"IpSettings": {"DHCPEnabled": true,
"SharedStaticIp": true,
"Source": "dHCP",
"IP": "string",
"SubnetMask": "string",
"DefaultGateway": "string",
"PrimaryDNS": "string",
"SecondaryDNS": "string"
},
"WiFiConnectionSettings": {"AMTHostWiFiSyncEnabled": "disabled",
"WiFiConnectionEnabledConfiguration": "noSetup",
"WiFiEnabledInPowerState": "s0Only",
"WiFiSetups": [0
]
},
"Wired802_1XSettings": {"_802_1Setup_DBLookupKey": 0
},
"CIRASettings": {"CIRATunnel": true,
"EnvironmentDetectionDomainSuffix": "string",
"CIRAProxies": [{"AccessInfo": "string",
"InfoFormat": "iPv4",
"Port": 0,
"DNSSuffix": "string"
}
]
}
}

Gets an AMT Profile by ID.

Role required: Tenant Administrator, Endpoint Group Creator, or Endpoint Group User

path Parameters

amtProfileId

required

integer <int32>

AMT Profile ID

Responses

Response samples

200

Content type

{"AmtProfileId": 0,
"TenantId": "string",
"Name": "string",
"Description": "string",
"TlsAuthType": "noTLS",
"PowerPackageSettings": {"PowerActiveOn": "onInS0",
"PowerStateIdleTimeoutInMinutes": 1
},
"ManagementInterfacesSettings": {"WebUIServiceEnabledState": "enabled",
"KVMInterfaceState": "enabled",
"UserConsentRequired": "none",
"UserConsentDisplayTimeout": 10,
"SOLEnabled": true,
"IDEREnabled": true,
"OneClickRecoveryEnabled": true,
"RemotePlatformEraseEnabled": true,
"RedirectionServiceState": "disabled"
},
"FqdnSettings": {"FqdnSource": "sharedWithHostOS"
},
"IpSettings": {"DHCPEnabled": true,
"SharedStaticIp": true,
"Source": "dHCP",
"IP": "string",
"SubnetMask": "string",
"DefaultGateway": "string",
"PrimaryDNS": "string",
"SecondaryDNS": "string"
},
"WiFiConnectionSettings": {"AMTHostWiFiSyncEnabled": "disabled",
"WiFiConnectionEnabledConfiguration": "noSetup",
"WiFiEnabledInPowerState": "s0Only",
"WiFiSetups": [0
]
},
"Wired802_1XSettings": {"_802_1Setup_DBLookupKey": 0
},
"CIRASettings": {"CIRATunnel": true,
"EnvironmentDetectionDomainSuffix": "string",
"CIRAProxies": [{"AccessInfo": "string",
"InfoFormat": "iPv4",
"Port": 0,
"DNSSuffix": "string"
}
]
}
}

Updates an AMT Profile by ID.

Role required: Tenant Administrator or Endpoint Group Creator

The properties AmtProfileId and TenantId are readonly and cannot be updated.

The following list defines the default values that would be used for any optional parameters if they are omitted from the profile object:

TlsAuthType: 1 = TlsNoAuth. If this is set to NoTLS, you need to specify the CIRASettings.
PowerPackageSettings.PowerActiveOn: 1 = AlwaysOnInAc.
PowerPackageSettings.PowerStateIdleTimeoutInMinutes: 1.
ManagementInterfacesSettings.WebUIServiceEnabledState: 2 = Enabled.
ManagementInterfacesSettings.KVMInterfaceState: 2 = Enabled.
ManagementInterfacesSettings.UserConsentRequired: 4294967295 = All.
ManagementInterfacesSettings.SOLEnabled: true.
ManagementInterfacesSettings.IDEREnabled: true.
ManagementInterfacesSettings.RedirectionServiceState: SOLEnabled=true and [IDEREnabled=true: 32771(IderOnSolOn); IDEREnabled=false: 32770(IderOffSolOn)]; SOLEnabled=false and [IDEREnabled=true: 32769(IderOnSolOff); IDEREnabled=false: 32768(Disabled)].
FqdnSettings.FqdnSource: 0 = SharedWithHostOS.
IpSettings.DHCPEnabled: true.
IpSettings.SharedStaticIp: false.
IpSettings.Source: 0 = DHCP.
WiFiConnectionSettings.WiFiSetups: Empty collection (it is optional only if WiFiConnectionSettings.WiFiConnectionEnabledConfiguration=0)
Wired802_1XSettings: An object containing _802_1Setup_DBLookupKey=null.
CIRASettings (the whole object): null.
CIRASettings.CIRATunnel: false.
CIRASettings.EnvironmentDetectionDomainSuffix: Value to disable CIRA when the target system is in this network domain when CIRATunnel=true; Empty string when CIRATunnel=false.
CIRASettings.CIRAProxies (the whole object): Empty collection.

path Parameters

amtProfileId

required

integer <int32>

AMT Profile ID

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

AMT Profile object with updates

AmtProfileId required	integer <int32>
TenantId	string
Name required	string
Description required	string
TlsAuthType	string Enum: "noTLS" "tlsNoAuth" "tlsRemoteAuth" "tlsLocalAuth" "tlsAuth" An integer representing TLS Authentication Mode. Current supported modes are 'noTLS' (TLS disabled) and 'TlsNoAuth' (TLS enabled, no authentication mode)
required	object (Power)
required	object (ManagementInterfaces)
required	object (FQDNSettings)
required	object (IPSettings)
required	object (WiFiConnection)
	object (Wired802_1X)
	object (CIRASettings)

Responses

Request samples

Payload

Content type

{"AmtProfileId": 0,
"TenantId": "string",
"Name": "string",
"Description": "string",
"TlsAuthType": "noTLS",
"PowerPackageSettings": {"PowerActiveOn": "onInS0",
"PowerStateIdleTimeoutInMinutes": 1
},
"ManagementInterfacesSettings": {"WebUIServiceEnabledState": "enabled",
"KVMInterfaceState": "enabled",
"UserConsentRequired": "none",
"UserConsentDisplayTimeout": 10,
"SOLEnabled": true,
"IDEREnabled": true,
"OneClickRecoveryEnabled": true,
"RemotePlatformEraseEnabled": true
},
"FqdnSettings": {"FqdnSource": "sharedWithHostOS"
},
"IpSettings": {"DHCPEnabled": true,
"SharedStaticIp": true,
"Source": "dHCP",
"IP": "string",
"SubnetMask": "string",
"DefaultGateway": "string",
"PrimaryDNS": "string",
"SecondaryDNS": "string"
},
"WiFiConnectionSettings": {"AMTHostWiFiSyncEnabled": "disabled",
"WiFiConnectionEnabledConfiguration": "noSetup",
"WiFiEnabledInPowerState": "s0Only",
"WiFiSetups": [0
]
},
"Wired802_1XSettings": {"_802_1Setup_DBLookupKey": 0
},
"CIRASettings": {"CIRATunnel": true,
"EnvironmentDetectionDomainSuffix": "string",
"CIRAProxies": [{"AccessInfo": "string",
"InfoFormat": "iPv4",
"Port": 0,
"DNSSuffix": "string"
}
]
}
}

Response samples

200

Content type

{"AmtProfileId": 0,
"TenantId": "string",
"Name": "string",
"Description": "string",
"TlsAuthType": "noTLS",
"PowerPackageSettings": {"PowerActiveOn": "onInS0",
"PowerStateIdleTimeoutInMinutes": 1
},
"ManagementInterfacesSettings": {"WebUIServiceEnabledState": "enabled",
"KVMInterfaceState": "enabled",
"UserConsentRequired": "none",
"UserConsentDisplayTimeout": 10,
"SOLEnabled": true,
"IDEREnabled": true,
"OneClickRecoveryEnabled": true,
"RemotePlatformEraseEnabled": true,
"RedirectionServiceState": "disabled"
},
"FqdnSettings": {"FqdnSource": "sharedWithHostOS"
},
"IpSettings": {"DHCPEnabled": true,
"SharedStaticIp": true,
"Source": "dHCP",
"IP": "string",
"SubnetMask": "string",
"DefaultGateway": "string",
"PrimaryDNS": "string",
"SecondaryDNS": "string"
},
"WiFiConnectionSettings": {"AMTHostWiFiSyncEnabled": "disabled",
"WiFiConnectionEnabledConfiguration": "noSetup",
"WiFiEnabledInPowerState": "s0Only",
"WiFiSetups": [0
]
},
"Wired802_1XSettings": {"_802_1Setup_DBLookupKey": 0
},
"CIRASettings": {"CIRATunnel": true,
"EnvironmentDetectionDomainSuffix": "string",
"CIRAProxies": [{"AccessInfo": "string",
"InfoFormat": "iPv4",
"Port": 0,
"DNSSuffix": "string"
}
]
}
}

Deletes an AMT Profile by ID.

Role required: Tenant Administrator or Endpoint Group Creator

path Parameters

amtProfileId

required

integer <int32>

AMT Profile ID

Responses

AmtProfileToEndpointGroupsAssignments

Gets a list of Endpoint Groups associated with a given AmtProfileId.

Role required: Tenant Administrator, Endpoint Group Creator, or Endpoint Group User

404 will be returned if AmtProfileId is not found.

path Parameters

amtProfileId

required

integer <int32>

AMT Profile ID

Responses

Response samples

200

Content type

{"EndpointGroupCount": 0,
"AccessibleEndpointGroups": [{"EndpointGroupId": "string",
"Name": "string"
}
]
}

AmtProvisioningCertificates

Gets a collection certificates required for AMT provisioning

Role required: Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

200

Content type

[{"AmtCertificateId": 0,
"Name": "string",
"CommonName": "string",
"NotBefore": "2019-08-24T14:15:22Z",
"NotAfter": "2019-08-24T14:15:22Z",
"HasPrivateKey": true,
"Thumbprint": "string",
"IsAmtProvisioningCert": true,
"InUseByAmtProfile": true,
"Pem": "string",
"Enabled": true,
"TenantId": "00000000-0000-0000-0000-000000000000",
"CreatedOn": "2019-08-24T14:15:22Z",
"CreatedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"ModifiedBy": "00000000-0000-0000-0000-000000000000"
}
]

Gets a certificate used for AMT provisioning by ID

Role required: Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

path Parameters

amtCertificateId

required

integer <int32>

Responses

Response samples

200

Content type

{"AmtCertificateId": 0,
"Name": "string",
"CommonName": "string",
"NotBefore": "2019-08-24T14:15:22Z",
"NotAfter": "2019-08-24T14:15:22Z",
"HasPrivateKey": true,
"Thumbprint": "string",
"IsAmtProvisioningCert": true,
"InUseByAmtProfile": true,
"Pem": "string",
"Enabled": true,
"TenantId": "00000000-0000-0000-0000-000000000000",
"CreatedOn": "2019-08-24T14:15:22Z",
"CreatedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"ModifiedBy": "00000000-0000-0000-0000-000000000000"
}

Deletes a certificate used for AMT provisioning, as well as the next ones in the chain serially if they are not a part of another chain.

Role required: Tenant Administrator

path Parameters

amtCertificateId

required

integer <int32>

Responses

Gets the .CER file of an AMT provisioning certificate, or a certificate in its chain, by ID

Role required: Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

The filename of the .CER file will will be specified in the "filename" parameter of the "Content-Disposition" header.

path Parameters

amtCertificateId

required

integer <int32>

Responses

Upload .PFX of AMT provisioning certificate

Role required: Tenant Administrator

To import an AMT provisioning certificate, POST with enctype "multipart/form-data", the .PFX file attached, and the following parameters:
name: certificate nickname
password: password for the .PFX file

Responses

Response samples

200

Content type

[{"AmtCertificateId": 0,
"Name": "string",
"CommonName": "string",
"NotBefore": "2019-08-24T14:15:22Z",
"NotAfter": "2019-08-24T14:15:22Z",
"HasPrivateKey": true,
"Thumbprint": "string",
"IsAmtProvisioningCert": true,
"InUseByAmtProfile": true,
"Pem": "string",
"Enabled": true,
"TenantId": "00000000-0000-0000-0000-000000000000",
"CreatedOn": "2019-08-24T14:15:22Z",
"CreatedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"ModifiedBy": "00000000-0000-0000-0000-000000000000"
}
]

Upload .PFX general certificates

Role required: Tenant Administrator

To import an certificate, POST with enctype "multipart/form-data", the .PFX file attached, and the following parameters:
name: certificate nickname
password: password for the .PFX file

Responses

Response samples

200

Content type

[{"AmtCertificateId": 0,
"Name": "string",
"CommonName": "string",
"NotBefore": "2019-08-24T14:15:22Z",
"NotAfter": "2019-08-24T14:15:22Z",
"HasPrivateKey": true,
"Thumbprint": "string",
"IsAmtProvisioningCert": true,
"InUseByAmtProfile": true,
"Pem": "string",
"Enabled": true,
"TenantId": "00000000-0000-0000-0000-000000000000",
"CreatedOn": "2019-08-24T14:15:22Z",
"CreatedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"ModifiedBy": "00000000-0000-0000-0000-000000000000"
}
]

AmtSetups

Gets the AmtSetup (or provisioning record) of an Endpoint

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with View right to the resource.

path Parameters

amtSetupId

required

string

Use value of EndpointId. Hex string with 64 characters and without the 0x prefix

Responses

Response samples

200

Content type

{"AmtSetupId": "string",
"Type": "auto",
"PID": "string",
"Creation": "2019-08-24T14:15:22Z",
"SetsRandomMebxPassword": true,
"Profile": {"UsesTLS": true,
"UsesCIRA": true,
"UsesEmaAccount": true,
"CiraIntranetSuffix": "string",
"AdminPassword": "string",
"MebxPasswordState": "doNotSetMebxPassword",
"ProvisionCertificateHash": "string",
"ProvisioningDnsSuffix": "string",
"PPS": "string"
},
"State": "creation",
"StateString": "string",
"ExtraAmtInfo": {"LastUpdated": "2019-08-24T14:15:22Z",
"HECIDriver": {"Name": "string",
"Status": true,
"Details": "string"
},
"CorporateDNS": {"Name": "string",
"Status": true,
"Details": "string"
},
"CorporateVPN": {"Name": "string",
"Status": true,
"Details": "string"
},
"IntelNic": {"Name": "string",
"Status": true,
"Details": "string"
}
},
"AmtProfileId": 0
}

Deletes the AmtSetup (or provisioning record) of an Endpoint

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Execute right to the endpoint.

path Parameters

amtSetupId

required

string

Use value of EndpointId. Hex string with 64 characters and without the 0x prefix

Responses

Gets the AmtSetup (or auto-provisioning setting) of an Endpoint Group

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with View right to the resource.

path Parameters

amtSetupId

required

string

Use value of EndpointGroupId. Hex string with 64 characters and without the 0x prefix

Responses

Response samples

200

Content type

{"AmtSetupId": "string",
"Type": "auto",
"PID": "string",
"Creation": "2019-08-24T14:15:22Z",
"SetsRandomMebxPassword": true,
"Profile": {"UsesTLS": true,
"UsesCIRA": true,
"UsesEmaAccount": true,
"CiraIntranetSuffix": "string",
"AdminPassword": "string",
"MebxPasswordState": "doNotSetMebxPassword",
"ProvisionCertificateHash": "string",
"ProvisioningDnsSuffix": "string",
"PPS": "string"
},
"State": "creation",
"StateString": "string",
"ExtraAmtInfo": {"LastUpdated": "2019-08-24T14:15:22Z",
"HECIDriver": {"Name": "string",
"Status": true,
"Details": "string"
},
"CorporateDNS": {"Name": "string",
"Status": true,
"Details": "string"
},
"CorporateVPN": {"Name": "string",
"Status": true,
"Details": "string"
},
"IntelNic": {"Name": "string",
"Status": true,
"Details": "string"
}
},
"AmtProfileId": 0
}

Deletes the AmtSetup (or auto-provisioning setting) of an Endpoint Group

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Execute right to the endpoint.

path Parameters

amtSetupId

required

string

Use value of EndpointGroupId. Hex string with 64 characters and without the 0x prefix

Responses

Submits a request to provision an AMT Endpoint

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Execute right to the endpoint.

Certificate provisioning will be requested only if an AMTProvisioningCertificateId is provided, otherwise host-based-provisioning will be requested.

AdminCredential.Password requirements:

between 8 and 31 characters
contains at least one number
contains both lowercase and uppercase alpha characters
contains at least one special character: '!', '@', '#', '$', '%', '^', '&amp;', '*', '(', ')', '-', '+'

CiraIntranetSuffix is applicable only when UsesCira is set to true. The value is a string of up to four comma separated domain name suffixes.

UsesTLS and UsesCira cannot be both true or both false. You need to choose one.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

AMT Setup request object

EndpointId required	string 64 characters
UsesTls required	boolean
UsesCira required	boolean
SetsRandomMebxPassword	boolean If true, MEBx password must be created randomly and set in Firmware
UsesEmaAccount required	boolean
CiraIntranetSuffix	string
required	object (AdminCredential)
AmtCertificateId	integer <int32> [ 1 .. 2147483647 ]

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri",
"UsesTls": true,
"UsesCira": true,
"SetsRandomMebxPassword": true,
"UsesEmaAccount": true,
"CiraIntranetSuffix": "string",
"AdminCredential": {"Password": "string"
},
"AmtCertificateId": 1
}

Response samples

200

Content type

{"AmtSetupId": "string",
"Type": "auto",
"PID": "string",
"Creation": "2019-08-24T14:15:22Z",
"SetsRandomMebxPassword": true,
"Profile": {"UsesTLS": true,
"UsesCIRA": true,
"UsesEmaAccount": true,
"CiraIntranetSuffix": "string",
"AdminPassword": "string",
"MebxPasswordState": "doNotSetMebxPassword",
"ProvisionCertificateHash": "string",
"ProvisioningDnsSuffix": "string",
"PPS": "string"
},
"State": "creation",
"StateString": "string",
"ExtraAmtInfo": {"LastUpdated": "2019-08-24T14:15:22Z",
"HECIDriver": {"Name": "string",
"Status": true,
"Details": "string"
},
"CorporateDNS": {"Name": "string",
"Status": true,
"Details": "string"
},
"CorporateVPN": {"Name": "string",
"Status": true,
"Details": "string"
},
"IntelNic": {"Name": "string",
"Status": true,
"Details": "string"
}
},
"AmtProfileId": 0
}

Submits a request to unprovision an AMT Endpoint

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Execute right to the endpoint.

Warning: This operation will reset the AMT device to factory settings!

The AMT admin password is optional and should only be used to unprovision an AMT endpoint that was provisioned outside of EMA, or that has no AmtSetup (or Provisioning Record) in the database.

If the AMT Endpoint was provisioned with EMA, and the corresponding AmtSetup record is in the database, then the AMT admin password is unnecessary.

AdminCredential.Password requirements:

--between 8 and 32 characters
--contains at least one number
--contains both lowercase and uppercase alpha characters
--contains at least one special character

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

An unprovision AMT request

EndpointId required	string 64 characters
	object (AdminCredential)

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri",
"AdminCredential": {"Password": "string"
}
}

Sets AMT auto-provisioning for an Endpoint Group.

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Execute right to the endpoint.

For certificate provisioning, provide an AmtCertificateId in the request, otherwise Host-based-provisioning will be set.

To unset auto-provisioning, delete the AmtSetup record using the EndpointGroupId as AmtSetupId.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

EndpointGroupId required	string
AmtProfileId required	integer <int32> [ 1 .. 2147483647 ]
SetsRandomMebxPassword	boolean If true, MEBx password must be created randomly and set in Firmware
required	object (AdminCredential)
UsesEmaAccount required	boolean
AmtCertificateId	integer <int32>

Responses

Request samples

Payload

Content type

{"EndpointGroupId": "string",
"AmtProfileId": 1,
"SetsRandomMebxPassword": true,
"AdminCredential": {"Password": "string"
},
"UsesEmaAccount": true,
"AmtCertificateId": 0
}

Response samples

200

Content type

{"AmtSetupId": "string",
"Type": "auto",
"PID": "string",
"Creation": "2019-08-24T14:15:22Z",
"SetsRandomMebxPassword": true,
"Profile": {"UsesTLS": true,
"UsesCIRA": true,
"UsesEmaAccount": true,
"CiraIntranetSuffix": "string",
"AdminPassword": "string",
"MebxPasswordState": "doNotSetMebxPassword",
"ProvisionCertificateHash": "string",
"ProvisioningDnsSuffix": "string",
"PPS": "string"
},
"State": "creation",
"StateString": "string",
"ExtraAmtInfo": {"LastUpdated": "2019-08-24T14:15:22Z",
"HECIDriver": {"Name": "string",
"Status": true,
"Details": "string"
},
"CorporateDNS": {"Name": "string",
"Status": true,
"Details": "string"
},
"CorporateVPN": {"Name": "string",
"Status": true,
"Details": "string"
},
"IntelNic": {"Name": "string",
"Status": true,
"Details": "string"
}
},
"AmtProfileId": 0
}

AuditEvents

Gets a list of Audit Events filterable by optional query string parameters.

Roles required: Global Administrator, Tenant Administrator

Note: Global Administrators can only access Audit Events not associated with a TenantId.

Timestamps are recorded in UTC. Use UTC format when filtering with startDateTime and/or endDateTime. For example, "2020-01-29T15:10:38.017Z"

query Parameters

resourceName	string Resource Name of Audit Events
resourceId	string Resource Id of Audit Events
callerName	string Caller Name of Audit Events
callerId	string <uuid> Caller Id of Audit Events
source	string Enum: "Unknown" "Reserved1" "SwarmServer" "AjaxServer" "WebApi" "RecoveryServer" "ManageabilityServer" "FileActionsServer" "PlatformManager" Source (enum) of Audit Events. If the value is a string and the string is not a valid string name of the enumeration item, it will be ignored.
action	string Enum: "NoAction" "Login" "Logout" "PageLoad" "Starting" "Stopping" "CreateAjaxCookie" "CreateRoutingCookie" "NewMesh" "PowerAction" "AccountDelete" "MeshDelete" "NodeDelete" "AlertMessage" "HttpRedirect" "TcpRedirect" "TestEvent" "AjaxKVM" "AjaxTerminal" "AjaxFiles" "WebSocketDirect" "WebSocketManagement" "Stats" "FileDownload" "FileUpload" "AddAccess" "RemoveAccess" "AmtProvisioningRecordSet" "AmtProvisioningRecordClear" "AmtProvisioningRecordAttempt" "AmtProvisioningRecordUsed" "AmtProvisioningRecordFail" "AgentConnect" "UserFeedback" "UserNodeEvent" "UserMeshEvent" "UserEvent" "AmtRedirectError" "AmtPowerActionSuccess" "AmtPowerActionFailed" "Translation" "NodeEvent" "AgentUninstalled" "NodeMovedToDifferentMesh" "ProcessAmtPreCheck" "UnexpectedError" "NewUser" "EditUser" "RemoveUser" "NewTenant" "EditTenant" "RemoveTenant" "NewGroup" "EditGroup" "RemoveGroup" "UsersInGroupAdded" "UsersInGroupRemoved" "NewRole" "UserRoleChange" "UserAddedToGroup" "UserRemovedFromGroup" "BaseRolesCreated" "AccessDenied" "WebApiEvent" "WMI" "FileDeliver" "FileExecution" "FileSearch" "FileShortOps" "New802_1xSetup" "Edit802_1xSetup" "Delete802_1xSetup" "AMTDiscovery_ByIP" "AMTDiscovery_ByIPAutomatically" "AMTDiscovery_Cancel" "AMTDiscovery_BySubnet" "AMTDiscovery_BySubnetAutomatically" "AMTDiscovery_ByIPRange" "AMTDiscovery_ByIPRangeAutomatically" "AMTDiscovery_ByLocalBroadcast" "AMTDiscovery_ByLocalBroadcastAutomatically" "NewAmtProfile" "EditAmtProfile" "DeleteAmtProfile" "NewAmtProvisioningCertificate" "NewGeneralCertificate" "DeleteAmtProvisioningCertificate" "DeleteManualProvisioning_AMTSetup" "DeleteAutoProvisioning_AMTSetup" "Provision_AMTSetup" "Unprovision_AMTSetup" "AutoProvisioningForEndpointGroup_AMTSetup" "MeshUpdate" "EndpointIBOperation_Reboot" "EndpointIBOperation_Sleep" "EndpointIBOperation_Hibernate" "EndpointIBOperation_Shutdown" "EndpointIBOperation_Alert" "EndpointOOBOperation_Multiple_PowerOn" "EndpointOOBOperation_Multiple_SleepLight" "EndpointOOBOperation_Multiple_SleepDeep" "EndpointOOBOperation_Multiple_PowerCycleOffSoft" "EndpointOOBOperation_Multiple_PowerOffHard" "EndpointOOBOperation_Multiple_Hibernate" "EndpointOOBOperation_Multiple_PowerOffSoft" "EndpointOOBOperation_Multiple_PowerCycleOffHard" "EndpointOOBOperation_Multiple_MasterBusReset" "EndpointOOBOperation_Multiple_PowerOffSoftGraceful" "EndpointOOBOperation_Multiple_PowerOffHardGraceful" "EndpointOOBOperation_Multiple_MasterBusResetGraceful" "EndpointOOBOperation_Multiple_PowerCycleOffSoftGraceful" "EndpointOOBOperation_Multiple_PowerCycleOffHardGraceful" "EndpointOOBOperations_Single_PowerOn" "EndpointOOBOperations_Single_SleepLight" "EndpointOOBOperations_Single_SleepDeep" "EndpointOOBOperations_Single_PowerCycleOffSoft" "EndpointOOBOperations_Single_PowerOffHard" "EndpointOOBOperations_Single_Hibernate" "EndpointOOBOperations_Single_PowerOffSoft" "EndpointOOBOperations_Single_PowerCycleOffHard" "EndpointOOBOperations_Single_MasterBusReset" "EndpointOOBOperations_Single_PowerOffSoftGraceful" "EndpointOOBOperations_Single_PowerOffHardGraceful" "EndpointOOBOperations_Single_MasterBusResetGraceful" "EndpointOOBOperations_Single_PowerCycleOffSoftGraceful" "EndpointOOBOperations_Single_PowerCycleOffHardGraceful" "UserGroupAssignedToEndpointGroup" "UserGroupDisassociatedFromEndpointGroup" "NewWiFiSetup" "EditWiFiSetup" "DeleteWiFiSetup" "GetAmtRoutingCookie" "ValidateAjaxCookie" "AmtWSMAN" "CheckUserAccess" "GetSwarmServerId" "MeshTargetHop" "MutliTargetHop" "EditAjaxServerSettings" "EditFileActionsServerSettings" "EditManageabilityServerSettings" "EditSwarmServerSettings" "EditWebServerSettings" "DecodeRoutingCookie" "GetCRL" "RevokeCertificate" "ResetCRL" "ResumableUploadCreate" "ResumableUploadAppend" "ResumableUploadDelete" "FileUploadRegister" "UsbrImageUpdated" "UsbrImageDeleted" "EndpointOOBOperations_Multiple_PowerCycleToIderIsoSol" "EndpointOOBOperations_Single_PowerCycleToIderIsoSol" "UsbrSessionStarted" "UsbrSessionStopped" "UsbrTempFileDeletedFromDatabase" "UsbrTempFileDeletedFromFilesystem" "UsbrTenantDirectoryDeletedFromFilesystem" "UsbrTenantFileDeletedFromFilesystem" "DosRateLimitedPreAuth" "DosRateLimitedPostAuth" "DosConnectionCount" "DosTcpIdle" "EditSecuritySettings" "DosRateLimitedHttp" "UserConsentCancel" "UserConsentChangeSpriteDisplay" "UserConsentStarted" "UserConsentSendCode" "GetServerSettingsCertificate" "ResetBootSettings" "EditRecoveryServerSettings" "StartPlatformErase" Action (enum) of Audit Events. If the value is a string and the string is not a valid string name of the enumeration item, it will be ignored.
resourceType	string Enum: "NONE" "ROLE" "TENANT" "ENDPOINT_GROUP" "USER_GROUP" "USER" "ENDPOINT" "INTEL_AMT_SETUP" "AMTPROFILE" "WIFISETUP" "AJAXCOOKIE" "SERVERID" "AMT_PROVISIONING_CERTIFICATE" "DEFAULT" "_802_1XSETUP" "AMTDISCOVERY" "BEARER_TOKEN" "ROUTING_COOKIE" "SERVERSETTINGS" "CRL" "RESUMABLE_UPLOAD" "USBR_IMAGE" "USBR_SESSION" "USBR_ORPHAN_FILE_CLEANUP" "PORT" "SERVER_SETTINGS_CERTIFICATE" "REMOTE_ERASE" "ONE_CLICK_RECOVERY" Resource Type (enum) of Audit Events. If the value is a string and the string is not a valid string name of the enumeration item, it will be ignored.
startDateTime	string Start DateTime of a range of Audit Events in UTC format, e.g., 2020-01-29T15:10:38.017Z. If the string cannot be parsed as date time, it will be ignored.
endDateTime	string End DateTime of a range of Audit Events in UTC format, e.g., 2020-01-29T15:10:38.017Z. If the string cannot be parsed as date time, it will be ignored.

Responses

Response samples

200

Content type

[{"Id": "00000000-0000-0000-0000-000000000000",
"Timestamp": "2019-08-24T14:15:22Z",
"Source": "unknown",
"Action": "noAction",
"Uri": "string",
"TenantId": "00000000-0000-0000-0000-000000000000",
"ResourceId": "string",
"ResourceName": "string",
"ResourceType": "nONE",
"CallerId": "00000000-0000-0000-0000-000000000000",
"CallerName": "string",
"CallerIpAddress": "string",
"CallerUserAgent": "string",
"Event": "string",
"ExecutionDurationInMsec": 0
}
]

ClientCredentials

Gets a list of Client credentials objects

Role required: Global Administrator or Tenant Administrator.

If caller user is Global Administrator, this method will return all Client Credentials in all Tenants unless a specific tenantId is provided.
If caller user is Tenant Administrator, this method will return only Client Credentials for that Tenant.

query Parameters

tenantId

string

Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Responses

Response samples

200

Content type

[{"id": 0,
"userId": "00000000-0000-0000-0000-000000000000",
"name": "string",
"client_id": "00000000-0000-0000-0000-000000000000",
"client_secret": "string",
"tenantId": "00000000-0000-0000-0000-000000000000",
"scope": "string",
"maxFailedLoginAttempts": 0,
"tokenLifetimeHours": 0,
"enabled": true
}
]

Creates a set of client credentials for a Tenant. Only one Client credentials account is allowed per Tenant.

Role required: Global Administrator or Tenant Administrator.

Required parameters:

Client_secret
MaxFailedLoginAttempts - Min 5, Max 15, Default 10
TokenLifetimeHours - Min 1, Max 24, Default 1

Client Secret Requirements

--at least 12 characters
--contains at least one number
--contains both lowercase and uppercase alpha characters
--contains at least one special character

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

id	integer <int32>
userId	string <uuid>
client_id	string <uuid>
client_secret required	string
tenantId	string <uuid>
maxFailedLoginAttempts	integer <int32> [ 5 .. 15 ]
tokenLifetimeHours	integer <int32> [ 1 .. 24 ]

Responses

Request samples

Payload

Content type

{"id": 0,
"userId": "00000000-0000-0000-0000-000000000000",
"client_id": "00000000-0000-0000-0000-000000000000",
"client_secret": "string",
"tenantId": "00000000-0000-0000-0000-000000000000",
"maxFailedLoginAttempts": 5,
"tokenLifetimeHours": 1
}

Response samples

200

Content type

{"id": 0,
"userId": "00000000-0000-0000-0000-000000000000",
"name": "string",
"client_id": "00000000-0000-0000-0000-000000000000",
"client_secret": "string",
"tenantId": "00000000-0000-0000-0000-000000000000",
"scope": "string",
"maxFailedLoginAttempts": 0,
"tokenLifetimeHours": 0,
"enabled": true
}

Updates Client Credentials for a Tenant.

Role required: Global Administrator or Tenant Administrator.

Global Administrators can update any Client Credentials account.
Only Tenant Administrators that share the same Tenant Id with a Client Credentials account, can update it.

Parameters allowed to be updated:

Client_secret
TokenLifetimeHours - Min 1, Max 24, Default 1
Enabled status

Client Secret Requirements

--at least 12 characters
--contains at least one number
--contains both lowercase and uppercase alpha characters
--contains at least one special character

path Parameters

clientCredentialsId

required

string

Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

client_secret	string
tokenLifetimeHours	integer <int32> [ 1 .. 24 ]
enabled	boolean

Responses

Request samples

Payload

Content type

{"client_secret": "string",
"tokenLifetimeHours": 1,
"enabled": true
}

Response samples

200

Content type

{"id": 0,
"userId": "00000000-0000-0000-0000-000000000000",
"name": "string",
"client_id": "00000000-0000-0000-0000-000000000000",
"client_secret": "string",
"tenantId": "00000000-0000-0000-0000-000000000000",
"scope": "string",
"maxFailedLoginAttempts": 0,
"tokenLifetimeHours": 0,
"enabled": true
}

Deletes Client Credentials for a Tenant.

Role required: Global Administrator or Tenant Administrator.

Global Administrators can delete any Client Credentials account.
Only Tenant Administrators that share the same Tenant Id with a Client Credentials account, can delete it.

path Parameters

clientCredentialsId

required

string

Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Responses

CRL

CRL Operations

Role required: Global Administrator.

Responses

Response samples

200

Content type

{ }

Adds entry to the CRL. i.e., revokes a certificate

Role required: Global Administrator.

For serial number open the certificate to see details in Windows and find the Serial number's hex value.

Following are the accepted revocation reason codes:

Unspecified (0)
keyCompromise (1)
cACompromise (2)
affiliationChanged (3)
superseded (4)
cessationOfOperation (5)
certificateHold (6)
removeFromCRL (8)
privilegeWithdrawn (9)
aACompromise (10)

If restartEmaComponent is set to true, it will immediately restart all the EMA servers and the IIS default app pool hosting the EMA Website.

query Parameters

restartEmaComponent

boolean

Indicates whether to restart EMA Service, as changes to its configuration are applied only when the services are restarted.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

Json with CRLEntry.

serialNumber required	string
reasonCode required	integer <int32>

Responses

Request samples

Payload

Content type

{"serialNumber": "string",
"reasonCode": 0
}

Resets the CRL to empty CRL.

Role required: Global Administrator.

If restartEmaComponent is set to true, it will immediately restart all the EMA servers and the IIS default app pool hosting the EMA Website.

query Parameters

restartEmaComponent

boolean

Indicates whether to restart EMA Service, as changes to its configuration are applied only when the services are restarted.

Responses

EndpointGroups

Gets a collection of Endpoint Group summaries.

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Read right to the resource.

Responses

Response samples

200

Content type

[{"EndpointGroupId": "string",
"Name": "string",
"EndpointCount": 0
}
]

Creates a new Endpoint Group

Role required: Tenant Administrator or Endpoint Group Creator.

Password is needed when the endpoint group's policy needs to be modified. Currently, the modification of the policy is not supported yet.

Password requirements:

--between 8 characters and 255 characters
--contains at least one number
--contains both lowercase and uppercase alpha characters
--contains at least one special character

UserConsentKVM_Timeout requirements:

--timeout value must fall between 1 and 65
--timeout in seconds
--this value will be taken if the AllowUserConsentKVM web permission is enabled

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

Name required	string
Description required	string
Password required	string.(?=^.{8,255}$)(?=.\d)(?=.[a-z])(?=.[A-Z]...
UserConsentKVM_Timeout	integer <int32> Define timeout in seconds to show user consent window for In-Band KVM connection before reject the operation
required	object (EndpointGroupPermissions)

Responses

Request samples

Payload

Content type

{"Name": "string",
"Description": "string",
"Password": "string",
"UserConsentKVM_Timeout": 0,
"Permissions": {"AllowWakeup": true,
"AllowSleep": true,
"AllowReset": true,
"AllowTcpCommunication": true,
"AllowAlert": true,
"AllowConsole": true,
"AllowKvm": true,
"AllowFileAccess": true,
"AllowWmi": true,
"AllowLocation": true,
"AllowP2P": true,
"AllowUserConsentKVM": true
}
}

Response samples

200

Content type

{"Name": "string",
"Description": "string",
"EndpointGroupId": "string",
"TenantId": "string",
"LastUpdated": "2019-08-24T14:15:22Z",
"UserConsentKVM_Timeout": 0,
"Permissions": {"AllowWakeup": true,
"AllowSleep": true,
"AllowReset": true,
"AllowTcpCommunication": true,
"AllowAlert": true,
"AllowConsole": true,
"AllowKvm": true,
"AllowFileAccess": true,
"AllowWmi": true,
"AllowLocation": true,
"AllowP2P": true,
"AllowUserConsentKVM": true
}
}

Gets the details of a Endpoint Group by ID.

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Read right to the resource.

path Parameters

endpointGroupId

required

string

Hex string with 64 characters and without the 0x prefix

Responses

Response samples

200

Content type

{"Name": "string",
"Description": "string",
"EndpointGroupId": "string",
"TenantId": "string",
"LastUpdated": "2019-08-24T14:15:22Z",
"UserConsentKVM_Timeout": 0,
"Permissions": {"AllowWakeup": true,
"AllowSleep": true,
"AllowReset": true,
"AllowTcpCommunication": true,
"AllowAlert": true,
"AllowConsole": true,
"AllowKvm": true,
"AllowFileAccess": true,
"AllowWmi": true,
"AllowLocation": true,
"AllowP2P": true,
"AllowUserConsentKVM": true
}
}

Updates an Endpoint Group.

Role required: Tenant Administrator or Endpoint Group Creator.

The only property that can be updated is Description.

path Parameters

endpointGroupId

required

string

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

Description required	string
EndpointGroupId required	string

Responses

Request samples

Payload

Content type

{"Description": "string",
"EndpointGroupId": "string"
}

Response samples

200

Content type

{"Name": "string",
"Description": "string",
"EndpointGroupId": "string",
"TenantId": "string",
"LastUpdated": "2019-08-24T14:15:22Z",
"UserConsentKVM_Timeout": 0,
"Permissions": {"AllowWakeup": true,
"AllowSleep": true,
"AllowReset": true,
"AllowTcpCommunication": true,
"AllowAlert": true,
"AllowConsole": true,
"AllowKvm": true,
"AllowFileAccess": true,
"AllowWmi": true,
"AllowLocation": true,
"AllowP2P": true,
"AllowUserConsentKVM": true
}
}

Deletes an Endpoint Group.

Role required: Tenant Administrator or Endpoint Group Creator.

path Parameters

endpointGroupId

required

string

Hex string with 64 characters and without the 0x prefix

Responses

Gets the .msh file associated with an Endpoint Group.

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Read right to the resource.

path Parameters

endpointGroupId

required

string

Hex string with 64 characters and without the 0x prefix

Responses

Response samples

200

Content type

{ }

Gets the highest access right for a User to an Endpoint Group.

Role required: Tenant Administrator, Endpoint Group Creator or Endpoint Group User.

The access rights that a User has to an Endpoint Group are obtained by way of membership in User Group(s) assigned to that Endpoint Group.

path Parameters

endpointGroupId

required

string

Hex string with 64 characters and without the 0x prefix

Responses

Response samples

200

Content type

{"AccessRightsId": 0,
"AccessRights": "string"
}

EndpointIBOperations

Submits batch request to reboot Endpoints inband

Roles required: Tenant Administrator, Endpoint Group Creator or Endpoint Group User

The action must be allowed by the Endpoint's Endpoint Group.

With an HTTP 200, the response list will contain only those EndpointIds for which a request was put on the message bus. EndpointIds for which a request was not put on the message bus for one reason or another will not appear in the response list.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits batch request to sleep Endpoints inband

Roles required: Tenant Administrator, Endpoint Group Creator or Endpoint Group User

The action must be allowed by the Endpoint's Endpoint Group.

With an HTTP 200, the response list will contain only those EndpointIds for which a request was put on the message bus. EndpointIds for which a request was not put on the message bus for one reason or another will not appear in the response list.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits batch request to hibernate Endpoints inband

Roles required: Tenant Administrator, Endpoint Group Creator or Endpoint Group User

The action must be allowed by the Endpoint's Endpoint Group.

With an HTTP 200, the response list will contain only those EndpointIds for which a request was put on the message bus. EndpointIds for which a request was not put on the message bus for one reason or another will not appear in the response list.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits batch request to shutdown Endpoints inband

Roles required: Tenant Administrator, Endpoint Group Creator or Endpoint Group User

The action must be allowed by the Endpoint's Endpoint Group.

With an HTTP 200, the response list will contain only those EndpointIds for which a request was put on the message bus. EndpointIds for which a request was not put on the message bus for one reason or another will not appear in the response list.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits batch request to alert Endpoints inband

Roles required: Tenant Administrator, Endpoint Group Creator or Endpoint Group User

The action must be allowed by the Endpoint's Endpoint Group.

With an HTTP 200, the response list will contain only those EndpointIds for which a request was put on the message bus. EndpointIds for which a request was not put on the message bus for one reason or another will not appear in the response list.

On receiving an alert, an Endpoint's desktop will popup a MessageBox that closes after a specified duration.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

An object containing a list of Endpoints to which an alert will popup with indicated message and for a specified duration.
•Message: Allowed characters: space, enter, 0-9, a-z, A-Z. Maximum length: 510.
•Duration(seconds): A number between 0 and 300, with 0 for indefinite.

required	Array of objects (EndpointIdDTO)
Message required	string^[ \r\n\dA-Za-z0-9]+$
Duration	integer <int32> [ 0 .. 300 ]

Responses

Request samples

Payload

Content type

{"EndpointIds": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Message": "string",
"Duration": 300
}

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

EndpointOOBOperations

Submits a batch request to perform an out of band PowerOn operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. It will send also a Wake on LAN (WOL) request to all listed endpoints, but only Intel(R) vPro(TM) endpoints are officially supported. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits a batch request to perform an out of band Sleep light operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits a batch request to perform an out of band Sleep Deep operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits a batch request to perform an out of band Power Cycle (Off soft) operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits a batch request to perform an out of band Power off - Hard operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits a batch request to perform an out of band Hibernate operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits a batch request to perform an out of band Power Off-Soft operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits a batch request to perform an out of band Power Cycle (Off hard) operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits a batch request to perform an out of band Master Bus Reset operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits a batch request to perform an out of band Power Off - Soft Graceful operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits a batch request to perform an out of band Power Off - Hard Graceful operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits a batch request to perform an out of band Master Bus Reset Graceful operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits a batch request to perform an out of band Power Cycle (Off - Soft Graceful) operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits a batch request to perform an out of band Power Cycle (Off - Hard Graceful) operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits a batch request to perform an out of band boot to USB-R CD/DVD (*.iso) on multiple endpoints Deprecated

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

If no boot-able CD/DVD image is mounted, this power command will boot based on the endpoint's boot order set in BIOS.

If a target endpoint in the input list is powered off and/or user consent is required the requested operation for that target endpoint will fail.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits a batch request to perform an out of band boot to USB-R floppy (*.img) on multiple endpoints Deprecated

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

If no boot-able floppy image is mounted, this power command will boot based on the endpoint's boot order set in BIOS.

If a target endpoint in the input list is powered off and/or user consent is required the requested operation for that target endpoint will fail.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

List of EndpointId objects

Array

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

[{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]

Response samples

200

Content type

{"Accepted": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"Forbidden": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"NotFound": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"BadRequest": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
],
"InternalServerError": [{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}
]
}

Submits a request to perform an out of band PowerOn operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

EndpointId object

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

200

Content type

"string"

Submits a request to perform an out of band Sleep Light operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

EndpointId object

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

200

Content type

"string"

Submits a request to perform an out of band Sleep Deep operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

EndpointId object

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

200

Content type

"string"

Submits a request to perform an out of band Power Cycle (Off Soft) operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

EndpointId object

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

200

Content type

"string"

Submits a request to perform an out of band Power Off - Hard operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

EndpointId object

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

200

Content type

"string"

Submits a request to perform an out of band Hibernate operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

EndpointId object

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

200

Content type

"string"

Submits a request to perform an out of band Power Off - Soft operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

EndpointId object

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

200

Content type

"string"

Submits a request to perform an out of band Power Cycle (Off Hard) operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

EndpointId object

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

200

Content type

"string"

Submits a request to perform an out of band Master Bus Reset operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

EndpointId object

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

200

Content type

"string"

Submits a request to perform an out of band Power Off - Soft Graceful operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

EndpointId object

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

200

Content type

"string"

Submits a request to perform an out of band Power Off - Hard Graceful operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

EndpointId object

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

200

Content type

"string"

Submits a request to perform an out of band Master Bus Reset Graceful operations

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

EndpointId object

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

200

Content type

"string"

Submits a request to perform an out of band Power Cycle (Off - Soft Graceful) operations

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

EndpointId object

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

200

Content type

"string"

Submits a request to perform an out of band Power Cycle (Off - Hard Graceful) operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

EndpointId object

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

200

Content type

"string"

Submits a request to perform an out of band boot to USB-R CD/DVD (*.iso)

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

If no boot-able CD/DVD image is mounted, this power command will boot based on the endpoint's boot order set in BIOS.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

EndpointId object

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

200

Content type

"string"

Submits a request to perform an out of band boot to USB-R floppy (*.img)

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

If no boot-able floppy image is mounted, this power command will boot based on the endpoint's boot order set in BIOS.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

EndpointId object

EndpointId

required

string 64 characters

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

200

Content type

"string"

Endpoints

Gets the details of an Endpoint by ID

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Read right to the resource.

path Parameters

endpointId

required

string

Hex string with 64 characters and without the 0x prefix

Responses

Response samples

200

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri",
"EndpointGroupId": "stringstringstringstringstringstringstringstringstringstringstri",
"EndpointGroupName": "string",
"LastUpdate": "2019-08-24T14:15:22Z",
"ComputerName": "string",
"PlatformType": 0,
"AgentVersion": "string",
"AgentType": "string",
"PowerState": 0,
"PowerStateUpdate": "2019-08-24T14:15:22Z",
"IsConnected": true,
"IsCiraConnected": true,
"NodeIdentity": 0,
"OperatingSystem": "string",
"NeighborsCount": 0,
"AgentLocalAdminMode": "unknown",
"NetworkInterfaces": [{"IPv4Address": "string",
"IPv6Address": "string",
"Subnet": "string",
"Gateway": "string",
"DnsSuffix": "string",
"Mac": "string",
"GatewayMac": "string",
"Description": "string"
}
],
"MEInfo": {"VersionString": "string",
"IsAmtEnabled": true,
"CiraEnabled": true,
"AmtProvisioningState": "pre",
"AmtProvisioningMode": "adminControlMode",
"AmtControlMode": "notprovisioned",
"MEVersion": "string",
"MEFWBuildNumber": 0,
"IsEHBC": true,
"IsAmtVersionValid": true,
"Version": 0,
"HardwareManagementCompatibility": "none"
}
}

Deletes an Endpoint by ID

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Delete right to the resource.

Note: This will stop any active USB-R session to this endpoint

path Parameters

endpointId

required

string

Hex string with 64 characters and without the 0x prefix

Responses

Gets the Hardware information of an Endpoint using Id and AMT connection

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Read right to the resource. The Return code Not Found means endpoint doesn't exist or hardware information for it is not found as the endpoint doesn't support AMT requests

path Parameters

endpointId

required

string

Hex string with 64 characters and without the 0x prefix

Responses

Response samples

200

Content type

{"AmtPlatformInfo": {"ComputerModel": "string",
"ManufacturerName": "string",
"SerialNumber": "string",
"VersionNumber": "string",
"SystemId": "00000000-0000-0000-0000-000000000000"
},
"AmtBaseBoardInfo": {"ManufacturerName": "string",
"ProductName": "string",
"VersionNumber": "string",
"SerialNumber": "string",
"AssetTag": "string",
"IsReplaceable": true
},
"AmtBiosInfo": {"ManufacturerName": "string",
"VersionNumber": "string",
"ReleaseDate": "string"
},
"AmtProcessorInfo": [{"ManufacturerName": "string",
"Version": "string",
"MaxClockSpeedInGHz": 0,
"Status": "string"
}
],
"AmtMemoryModuleInfo": [{"BankLabel": "string",
"ManufacturerName": "string",
"SerialNumber": "string",
"Size": 0,
"FormFactor": "string",
"MemoryType": "string",
"AssetTag": "string",
"PartNumber": "string"
}
],
"AmtStorageMediaInfo": [{"Model": "string",
"SerialNumber": "string",
"MaxMediaSize": 0
}
]
}

Get a collection of Endpoint summaries, filterable by EndpointGroupId or HostName.

Role required: Tenant Administrator, Endpoint Group Creator, or Endpoint Group User.

If endpointGroupId is not specified or empty, get a collection of Endpoint summaries for all endpoint groups that this user has access to.

query Parameters

endpointGroupId	string Endpoint Group ID
computerName	string String as input which need to pass Computer/Host Name need to search
computerNameStartsWith	string String as input search whose Computer/Host Name stars with given input
computerNameContains	string String as input search whose Computer/Host Name contains given input

Responses

Response samples

200

Content type

[{"EndpointId": "string",
"EndpointGroupId": "string",
"EndpointGroupName": "string",
"LastUpdate": "2019-08-24T14:15:22Z",
"MEVersion": "string",
"ComputerName": "string",
"PlatformType": 0,
"AgentVersion": 0,
"AgentIdentifier": 0,
"MEFWBuildNumber": 0,
"PowerState": 0,
"PowerStateUpdate": "2019-08-24T14:15:22Z",
"IsConnected": true,
"NodeIdentity": 0,
"IsAmtVersionValid": true,
"AmtControlMode": "notprovisioned",
"AmtProvisioningState": "pre",
"AmtProvisioningMode": "adminControlMode",
"IsCiraConnected": true
}
]

Get the supported platform capabilities of an endpoint by Id

Role required: Tenant Administrator, Client credentials endpoint manager, or Endpoint Group Creator or Endpoint Group User with Read right to the resource. The Return code Not Found means endpoint doesn't exist or hardware information for it is not found as the endpoint doesn't support AMT requests

path Parameters

endpointId

required

string

Hex string with 64 characters and without the 0x prefix

Responses

Response samples

200

Content type

{"AmtBootCapabilities": {"SecureErase": true,
"PlatformErase": {"PlatformEraseSupported": true,
"PyriteRevert": true,
"PyritePsid": "string",
"SsdErase": true,
"SsdMasterPassword": "string",
"TpmClear": true,
"OemCustom": true,
"ClearBiosNvmVars": true,
"BiosReloadConfig": true,
"CsmeUnconfigure": true
},
"OneClickRecovery": {"WinReBoot": true,
"LocalPbaBoot": true,
"HttpsBoot": true
}
}
}

FileUploads

Gets the constraints for performing a file upload based on file type.

Role required: Tenant Administrator

fileType is a required query string parameter. Filetypes supported: usbr

query Parameters

fileType

string

Type of file to be uploaded

Responses

Response samples

200

Content type

{"MaxBytesPerUploadRequest": 0,
"MaxStorageCapacityInBytes": 0,
"RemainingStorageCapacityInBytes": 0,
"ResumableUploadValidityPeriodInDays": 0
}

Uploads a file using a single request.

Role required: Tenant Administrator

This upload method is ideal for a file with a size that is within the threshold of MaxBytesPerUploadRequest, which can be obtained with GET /api/{version}/fileUploads/settings

fileType is a required query string parameter. Filetypes supported: usbr

Use multipart/form-data to attach one file with filename of up to 128 chars and with the optional field:
Description: string (256 max chars)

query Parameters

fileType

string

FileTypes name

Responses

Response samples

201

Content type

{"ResourceUri": "string"
}

Gets the collection of resumable upload statuses.

Role required: Tenant Administrator

fileType is a required query string parameter. Filetypes supported: usbr

query Parameters

fileType

string

FileTypes name

Responses

Response samples

200

Content type

[{"ResumableId": "00000000-0000-0000-0000-000000000000",
"FileName": "string",
"FileType": "string",
"UploadedBytes": 0,
"FileSize": 0,
"Description": "string",
"Expiration": "2019-08-24T14:15:22Z",
"ResourceUri": "string"
}
]

Starts a resumable upload with the first chunk of a file.

Role required: Tenant Administrator

This upload method is ideal for a file with a size that is within the threshold of MaxBytesPerUploadRequest, which can be obtained with GET /api/{version}/fileUploads/settings

fileType is a required query string parameter. Filetypes supported: usbr

Use multipart/form-data to attach one file chunk with the following required fields:
fileName: string (128 max chars)
fileSize: int (total bytes of a completed file)
The following field is optional:
description: string (256 max chars)

After uploading the first chunk, use PUT to upload each subsequent chunk, which will be appended in order to the file until it is complete. The resumable upload needs to be completed before the session expires.

query Parameters

fileType

string

FileTypes name

Responses

Response samples

201
202

Content type

{"ResumableId": "00000000-0000-0000-0000-000000000000",
"FileName": "string",
"FileType": "string",
"UploadedBytes": 0,
"FileSize": 0,
"Description": "string",
"Expiration": "2019-08-24T14:15:22Z",
"ResourceUri": "string"
}

Gets the status of a resumable upload by Id.

Role required: Tenant Administrator

path Parameters

resumableId

required

string

Guid format: 00000000-0000-0000-0000-000000000000

Responses

Response samples

200

Content type

{"ResumableId": "00000000-0000-0000-0000-000000000000",
"FileName": "string",
"FileType": "string",
"UploadedBytes": 0,
"FileSize": 0,
"Description": "string",
"Expiration": "2019-08-24T14:15:22Z",
"ResourceUri": "string"
}

Uploads a subsequent chunk of a resumable upload.

Role required: Tenant Administrator

Use multipart/form-data to attach one file chunk.
Each subsequent chunk will be appended to the file in order until it is complete. The resumable upload needs to be completed before the session expires. When a file is completed, the resumable upload session will be removed.

path Parameters

resumableId

required

string

Responses

Response samples

201
202

Content type

{"ResumableId": "00000000-0000-0000-0000-000000000000",
"FileName": "string",
"FileType": "string",
"UploadedBytes": 0,
"FileSize": 0,
"Description": "string",
"Expiration": "2019-08-24T14:15:22Z",
"ResourceUri": "string"
}

Cancels a resumable upload by Id.

Role required: Tenant Administrator

path Parameters

resumableId

required

string

Guid format: 00000000-0000-0000-0000-000000000000

Responses

Response samples

200

Content type

{ }

Roles

Gets a collection of Roles.

Role required: Global Administrator, Tenant Administrator, or Account Manager.

Responses

Response samples

200

Content type

[{"RoleId": 0,
"Name": "string",
"Description": "string",
"LastUpdated": "2019-08-24T14:15:22Z",
"Enabled": true,
"TenantId": "00000000-0000-0000-0000-000000000000"
}
]

Gets the details of a Role by ID.

Role required: Global Administrator, Tenant Administrator, or Account Manager.

path Parameters

roleId

required

integer <int32>

Role ID

Responses

Response samples

200

Content type

{"RoleId": 0,
"Name": "string",
"Description": "string",
"LastUpdated": "2019-08-24T14:15:22Z",
"Enabled": true,
"TenantId": "00000000-0000-0000-0000-000000000000"
}

SecureErase

Submits a request to get status associated with Remote Secure Erase.

Roles required: Tenant Administrator, Client credentials endpoint manager or user in a UserGroup with Execute privileges associated to target EndpointGroup.

The status returned will be only at the time the call is made. It is recommended to poll this API in a loop as needed to get regular status updates

Returns BiosBootStatus object that contains BiosStatus and its value, BiosErrorStatus and its value.

path Parameters

endpointId

required

string

EndpointId object

Responses

Response samples

200

Content type

{"BiosStatus": "success",
"BiosStatusMessage": "string",
"BiosErrorStatus": "successOrInProgress",
"BiosErrorStatusMessage": "string"
}

Submits a request to start remote secure erase.

Roles required: Tenant Administrator, Client credentials endpoint manager or user in a UserGroup with Execute privileges associated to target EndpointGroup.

The status returned will be only at the time the call is made. It is recommended to poll this API in a loop as needed to get regular status updates

The drive master password must be between 1 and 32 characters in length.

This operation will attempt to securely erase the endpoint’s whole drive. If the operation is successful the Intel EMA agent on the endpoint will no longer be operable. If it was provisioned with CIRA mode, the endpoint will still be provisioned and OOB operations via CIRA connection will still be possible.

Use this operation on endpoints in either the shutdown or power-on state. Do not use this operation on endpoints that are in hibernate or sleep state. The Endpoint API can be used to get the endpoint’s current power state, and the EndpointOOBOperations API can be used to set the endpoint’s power state.

path Parameters

endpointId

required

string

EndpointId object

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

Object that encapsulates the drive master password

Password

required

string

Responses

Request samples

Payload

Content type

{"Password": "string"
}

Submits a request to clear settings associated with Remote Secure Erase.

Roles required: Tenant Administrator, Client credentials endpoint manager or user in a UserGroup with Execute privileges associated to target EndpointGroup.

path Parameters

endpointId

required

string

EndpointId object

Responses

Response samples

204

Content type

"success"

ServerCertificates

Gets a collection of server certificates.

Role required: Global Administrator

Responses

Response samples

200

Content type

[{"Name": "string",
"CommonName": "string",
"NotBefore": "2019-08-24T14:15:22Z",
"NotAfter": "2019-08-24T14:15:22Z",
"HasPrivateKey": true,
"Thumbprint": "string",
"Pem": "string",
"LastModified": "2019-08-24T14:15:22Z"
}
]

Gets a server certificate by name

Role required: Global Administrator

path Parameters

certificateName

required

string

The certificate name used in Intel(R) EMA database. This is not the subject name or the common name.

Responses

Response samples

200

Content type

{"Name": "string",
"CommonName": "string",
"NotBefore": "2019-08-24T14:15:22Z",
"NotAfter": "2019-08-24T14:15:22Z",
"HasPrivateKey": true,
"Thumbprint": "string",
"Pem": "string",
"LastModified": "2019-08-24T14:15:22Z"
}

Gets the .CER file of an server certificate by name

Role required: Global Administrator

The filename of the .CER file will will be specified in the "filename" parameter of the "Content-Disposition" header.

path Parameters

certificateName

required

string

The certificate name used in Intel(R) EMA database. This is not the subject name or the common name.

Responses

Tenants

Gets a collection of Tenants .

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User.

Responses

Response samples

200

Content type

[{"CreatedBy": "00000000-0000-0000-0000-000000000000",
"CreatedOn": "2019-08-24T14:15:22Z",
"TenantId": "00000000-0000-0000-0000-000000000000",
"ModifiedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"Description": "string",
"Name": "string"
}
]

Creates a Tenant.

Role required: Global Administrator

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

Tenant object to create.

CreatedBy	string <uuid>
CreatedOn	string <date-time>
TenantId	string <uuid>
ModifiedBy	string <uuid>
ModifiedOn	string <date-time>
Description required	string
Name required	string

Responses

Request samples

Payload

Content type

{"CreatedBy": "00000000-0000-0000-0000-000000000000",
"CreatedOn": "2019-08-24T14:15:22Z",
"TenantId": "00000000-0000-0000-0000-000000000000",
"ModifiedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"Description": "string",
"Name": "string"
}

Response samples

200

Content type

{"CreatedBy": "00000000-0000-0000-0000-000000000000",
"CreatedOn": "2019-08-24T14:15:22Z",
"TenantId": "00000000-0000-0000-0000-000000000000",
"ModifiedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"Description": "string",
"Name": "string"
}

Gets the details of a Tenant by ID.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User.

path Parameters

tenantId

required

string

Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Responses

Response samples

200

Content type

{"CreatedBy": "00000000-0000-0000-0000-000000000000",
"CreatedOn": "2019-08-24T14:15:22Z",
"TenantId": "00000000-0000-0000-0000-000000000000",
"ModifiedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"Description": "string",
"Name": "string"
}

Updates a Tenant.

Role required: Global Administrator

Only the fields Name and Description can be updated.

path Parameters

tenantId

required

string <uuid>

Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

Tenant object to update

CreatedBy	string <uuid>
CreatedOn	string <date-time>
TenantId	string <uuid>
ModifiedBy	string <uuid>
ModifiedOn	string <date-time>
Description required	string
Name required	string

Responses

Request samples

Payload

Content type

{"CreatedBy": "00000000-0000-0000-0000-000000000000",
"CreatedOn": "2019-08-24T14:15:22Z",
"TenantId": "00000000-0000-0000-0000-000000000000",
"ModifiedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"Description": "string",
"Name": "string"
}

Response samples

200

Content type

{"CreatedBy": "00000000-0000-0000-0000-000000000000",
"CreatedOn": "2019-08-24T14:15:22Z",
"TenantId": "00000000-0000-0000-0000-000000000000",
"ModifiedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"Description": "string",
"Name": "string"
}

Deletes a Tenant By ID

Role required: Global Administrator

During tenant deletion, the active USBR sessions for the tenant are stopped, and the USBR image files for the tenant are deleted.

path Parameters

tenantId

required

string

Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Responses

UsbrImages

Gets a collection of USBR image metadata.

Role required: Tenant Administrator, EndPoint Group Creator, EndPoint Group User

File hash is SHA2-256.

Responses

Response samples

200

Content type

[{"UsbrImageId": 0,
"FileName": "string",
"FileDescription": "string",
"FileBytes": 0,
"LastUpdated": "2019-08-24T14:15:22Z",
"TenantId": "00000000-0000-0000-0000-000000000000",
"FileHashString": "string"
}
]

Gets a USBR image metadata by Id.

Role required: Tenant Administrator, EndPoint Group Creator, EndPoint Group User

File hash is SHA2-256.

path Parameters

usbrImageId

required

integer <int32>

Id of USBR image metadata

Responses

Response samples

200

Content type

{"UsbrImageId": 0,
"FileName": "string",
"FileDescription": "string",
"FileBytes": 0,
"LastUpdated": "2019-08-24T14:15:22Z",
"TenantId": "00000000-0000-0000-0000-000000000000",
"FileHashString": "string"
}

Updates a USBR image metadata by Id.

Role required: Tenant Administrator

Only the name and the description of the image can be updated. All other fields are read-only.

Filename must be unique per tenant.

File hash is SHA2-256.

path Parameters

usbrImageId

required

integer <int32>

Id of USBR image metadata to update

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

Updated USBR image metadata

UsbrImageId	integer <int32>
FileName required	string
FileDescription required	string
FileBytes	integer <int64>
LastUpdated	string <date-time>
TenantId	string <uuid>
FileHashString	string

Responses

Request samples

Payload

Content type

{"UsbrImageId": 0,
"FileName": "string",
"FileDescription": "string",
"FileBytes": 0,
"LastUpdated": "2019-08-24T14:15:22Z",
"TenantId": "00000000-0000-0000-0000-000000000000",
"FileHashString": "string"
}

Response samples

200

Content type

{"UsbrImageId": 0,
"FileName": "string",
"FileDescription": "string",
"FileBytes": 0,
"LastUpdated": "2019-08-24T14:15:22Z",
"TenantId": "00000000-0000-0000-0000-000000000000",
"FileHashString": "string"
}

Deletes a USBR image file and its metadata by Id.

Role required: Tenant Administrator

This operation deletes both the metadata and file of a USBR image given the Id.

path Parameters

usbrImageId

required

integer <int32>

Id of USBR Image to delete

Responses

UsbrSessions

Gets a list of USB-R sessions per tenant and with an option to filter by status.

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Execute right to the resource.

query Parameters

status

string

Enum: "initialized" "connected" "connectionDroppedMaxSessions" "disconnectedByUser" "disconnectedDueToError" "disconnectedDueToIdleTimeout" "disconnectedDueToUserConsent"

Status (enum) of USB-R Session. If the value is a string and the string is not a valid string name of the enumeration item, it will be ignored.

Responses

Response samples

200

Content type

[{"UsbrSessionId": "00000000-0000-0000-0000-000000000000",
"UsbrImageImgName": "string",
"UsbrImageIsoName": "string",
"EndpointId": "string",
"EndpointName": "string",
"UsbrImageImgId": 0,
"UsbrImageIsoId": 0,
"Status": "string",
"LastUpdated": "2019-08-24T14:15:22Z",
"UserId": "00000000-0000-0000-0000-000000000000",
"Username": "string",
"IdleTimeSeconds": 0,
"SessionDurationSeconds": 0
}
]

Submits a request to start USB-R session for the specified endpoint.

Role required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Accepted values for startMode are iderSetOnReset, iderSetGracefully, iderSetImmediately

The request requires both UsbrImageIsoId and UsbrImageImgId if only one image is used, then use 0 as the ID for the other.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

usbrStartSessionRequestModel object for starting the session

EndpointId required	string 64 characters
UsbrImageImgId required	integer <int32> [ 0 .. 2147483647 ]
UsbrImageIsoId required	integer <int32> [ 0 .. 2147483647 ]
StartMode required	string Enum: "iderSetOnReset" "iderSetGracefully" "iderSetImmediately"

Responses

Request samples

Payload

Content type

{"EndpointId": "stringstringstringstringstringstringstringstringstringstringstri",
"UsbrImageImgId": 2147483647,
"UsbrImageIsoId": 2147483647,
"StartMode": "iderSetOnReset"
}

Response samples

200

Content type

{"UsbrSessionId": "00000000-0000-0000-0000-000000000000",
"UsbrImageImgName": "string",
"UsbrImageIsoName": "string",
"EndpointId": "string",
"EndpointName": "string",
"UsbrImageImgId": 0,
"UsbrImageIsoId": 0,
"Status": "string",
"LastUpdated": "2019-08-24T14:15:22Z",
"UserId": "00000000-0000-0000-0000-000000000000",
"Username": "string",
"IdleTimeSeconds": 0,
"SessionDurationSeconds": 0
}

Submits a request to stop a USB-R session.

Role required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

path Parameters

usbrSessionId

required

string

USB-R session unique identifier

Responses

Response samples

200

Content type

{"UsbrSessionId": "00000000-0000-0000-0000-000000000000",
"UsbrImageImgName": "string",
"UsbrImageIsoName": "string",
"EndpointId": "string",
"EndpointName": "string",
"UsbrImageImgId": 0,
"UsbrImageIsoId": 0,
"Status": "string",
"LastUpdated": "2019-08-24T14:15:22Z",
"UserId": "00000000-0000-0000-0000-000000000000",
"Username": "string",
"IdleTimeSeconds": 0,
"SessionDurationSeconds": 0
}

Gets USB-R request status for an AMT Endpoint by USB-R session Id.

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Execute right to the resource.

path Parameters

usbrSessionId

required

string

USB-R Session ID

Responses

Response samples

200

Content type

{"UsbrSessionId": "00000000-0000-0000-0000-000000000000",
"UsbrImageImgName": "string",
"UsbrImageIsoName": "string",
"EndpointId": "string",
"EndpointName": "string",
"UsbrImageImgId": 0,
"UsbrImageIsoId": 0,
"Status": "string",
"LastUpdated": "2019-08-24T14:15:22Z",
"UserId": "00000000-0000-0000-0000-000000000000",
"Username": "string",
"IdleTimeSeconds": 0,
"SessionDurationSeconds": 0
}

UserConsent

Gets the current User Consent State

Roles required: Tenant Administrator, user in a UserGroup with read privileges associated to target EndpointGroup and Client Credentials EndpointManager.

path Parameters

endpointId

required

string

Endpoint unique identifier

Responses

Response samples

200

Content type

{"DefaultScreen": 0,
"UserConsentRequired": "none",
"State": "notStarted",
"UserConsentCodeTimeout": 0,
"UserConsentDisplayTimeout": 0,
"UserConsentRequiredMessage": "string",
"StateMessage": "string",
"DefaultScreenMessage": "string"
}

Start a User Consent session on the target endpoint.

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup and Client Credentials EndpointManager.

path Parameters

endpointId

required

string

Responses

Response samples

204

Content type

{ }

Send a User Consent code to endpoint Intel(R) AMT

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup and Client Credentials EndpointManager.

path Parameters

endpointId

required

string

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

integer <int32>

Responses

Request samples

Payload

Content type

0

Response samples

204

Content type

{ }

Cancels a User Consent session that has been started.

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup and Client Credentials EndpointManager.

path Parameters

endpointId

required

string

Responses

Response samples

204

Content type

{ }

Set the display that the User Consent Sprite will appear on.

Role required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup and Client Credentials EndpointManager.

path Parameters

endpointId

required

string

Target endpoint ID

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

Display to set the user consent sprite to

TargetDisplay

required

string

Enum: "primaryDisplay" "secondDisplay" "thirdDisplay"

Desired display to change the user consent sprite to.

Responses

Request samples

Payload

Content type

{"TargetDisplay": "primaryDisplay"
}

Response samples

204

Content type

{ }

UserGroupMemberships

Gets a collection of names of User Group members.

Role required: Global Administrator, Tenant Administrator, Account Manager, or Endpoint Group Creator.

path Parameters

userGroupId

required

integer <int32>

User Group identifier

Responses

Response samples

200

Content type

[{"UserName": "string"
}
]

Add members to a User Group.

Role required: Global Administrator, Tenant Administrator, or Account Manager.

With an HTTP 200, the response list will contain only those members that got added to the User Group. Members not added for one reason or another will not appear in the response list.

path Parameters

userGroupId

required

string

User Group ID

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

Array

UserName

required

string

Responses

Request samples

Payload

Content type

[{"UserName": "string"
}
]

Response samples

200

Content type

[{"UserName": "string"
}
]

Removes members from a User Group.

Role required: Global Administrator, Tenant Administrator, or Account Manager.

With an HTTP 200, the response list will contain only those members removed from the User Group. Members not removed for one reason or another will not appear in the response list.

path Parameters

userGroupId

required

string

User Group ID

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

Members to remove from a User Group

Array

UserName

required

string

Responses

Request samples

Payload

Content type

[{"UserName": "string"
}
]

Response samples

200

Content type

[{"UserName": "string"
}
]

UserGroups

Gets a collection of User Groups.

Role required: Global Administrator, Tenant Administrator, Account Manager, or Endpoint Group Creator.

Responses

Response samples

200

Content type

[{"UserGroupId": 0,
"Name": "string",
"TenantId": "00000000-0000-0000-0000-000000000000",
"Description": "string",
"CreatedOn": "2019-08-24T14:15:22Z",
"CreatedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"ModifiedBy": "00000000-0000-0000-0000-000000000000",
"RoleId": 0,
"AccessRightsId": "execute",
"AccessRights": "string"
}
]

Creates a new User Group having Execute or View right.

Role required: Global Administrator, Tenant Administrator, or Account Manager.

For AccessRightsId, enter one of the two following values: 1 - Execute 2 - View

The roleId value will be automatically populated by the system

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

User Group object to create

UserGroupId	integer <int32>
Name required	string
TenantId	string <uuid>
Description required	string
CreatedOn	string <date-time>
CreatedBy	string <uuid>
ModifiedOn	string <date-time>
ModifiedBy	string <uuid>
RoleId	integer <int32>
AccessRightsId required	string Enum: "execute" "view"
AccessRights	string

Responses

Request samples

Payload

Content type

{"UserGroupId": 0,
"Name": "string",
"TenantId": "00000000-0000-0000-0000-000000000000",
"Description": "string",
"CreatedOn": "2019-08-24T14:15:22Z",
"CreatedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"ModifiedBy": "00000000-0000-0000-0000-000000000000",
"RoleId": 0,
"AccessRightsId": "execute",
"AccessRights": "string"
}

Response samples

200

Content type

{"UserGroupId": 0,
"Name": "string",
"TenantId": "00000000-0000-0000-0000-000000000000",
"Description": "string",
"CreatedOn": "2019-08-24T14:15:22Z",
"CreatedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"ModifiedBy": "00000000-0000-0000-0000-000000000000",
"RoleId": 0,
"AccessRightsId": "execute",
"AccessRights": "string"
}

Gets a User Group by ID.

Role required: Global Administrator, Tenant Administrator, Account Manager, or Endpoint Group Creator.

path Parameters

userGroupId

required

integer <int32>

User Group identifier

Responses

Response samples

200

Content type

{"UserGroupId": 0,
"Name": "string",
"TenantId": "00000000-0000-0000-0000-000000000000",
"Description": "string",
"CreatedOn": "2019-08-24T14:15:22Z",
"CreatedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"ModifiedBy": "00000000-0000-0000-0000-000000000000",
"RoleId": 0,
"AccessRightsId": "execute",
"AccessRights": "string"
}

Updates a User Group by ID.

Role required: Global Administrator, Tenant Administrator, or Account Manager.

The only fields that can be updated are Name, Description and AccessRights.

For AccessRightsId, enter one of the two following values: 1 - Execute 2 - View

The roleId value will be automatically populated by the system

path Parameters

userGroupId

required

integer <int32>

The User Group identifier

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

UserGroup object with updated data

UserGroupId	integer <int32>
Name required	string
TenantId	string <uuid>
Description required	string
CreatedOn	string <date-time>
CreatedBy	string <uuid>
ModifiedOn	string <date-time>
ModifiedBy	string <uuid>
RoleId	integer <int32>
AccessRightsId required	string Enum: "execute" "view"
AccessRights	string

Responses

Request samples

Payload

Content type

{"UserGroupId": 0,
"Name": "string",
"TenantId": "00000000-0000-0000-0000-000000000000",
"Description": "string",
"CreatedOn": "2019-08-24T14:15:22Z",
"CreatedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"ModifiedBy": "00000000-0000-0000-0000-000000000000",
"RoleId": 0,
"AccessRightsId": "execute",
"AccessRights": "string"
}

Response samples

200

Content type

{"UserGroupId": 0,
"Name": "string",
"TenantId": "00000000-0000-0000-0000-000000000000",
"Description": "string",
"CreatedOn": "2019-08-24T14:15:22Z",
"CreatedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"ModifiedBy": "00000000-0000-0000-0000-000000000000",
"RoleId": 0,
"AccessRightsId": "execute",
"AccessRights": "string"
}

Deletes a User Group by ID.

Role required: Global Administrator, Tenant Administrator, or Account Manager.

path Parameters

userGroupId

required

integer <int32>

The User Group identifier.

Responses

UserGroupToEndpointGroupAssignments

Gets a collection of User Groups assigned to an Endpoint Group

Role required: Tenant Administrator, or Endpoint Group Creator.

path Parameters

endpointGroupId

required

string

Endpoint Group ID. Hex string with 64 characters and without the 0x prefix.

Responses

Response samples

200

Content type

[{"UserGroupId": 1,
"Name": "string",
"Description": "string",
"AccessRightsId": "execute",
"AccessRights": "string"
}
]

Assigns a User Group to an Endpoint Group

Role required: Tenant Administrator, or Endpoint Group Creator of a suitable User Group.

path Parameters

endpointGroupId

required

string

EndPoint Group ID. Hex string with 64 characters and without the 0x prefix.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

UserGroup Identifier DTO object

UserGroupId

required

integer <int32> [ 1 .. 2147483647 ]

Responses

Request samples

Payload

Content type

{"UserGroupId": 1
}

Response samples

200

Content type

{"UserGroupId": 1
}

Disassociates an User Group from a Endpoint Group

Role required: Tenant Administrator, or Endpoint Group Creator of a suitable User Group.

path Parameters

endpointGroupId required	string Endpoint Group ID. Hex string with 64 characters and without the 0x prefix.
userGroupId required	integer <int32> User Group ID.

Responses

Users

Gets a collection of Users.

Role required: Global Administrator, Tenant Administrator, Account Manager, or Endpoint Group Creator.

Responses

Response samples

200

Content type

[{"UserId": "string",
"Username": "string",
"Enabled": true,
"TenantId": "00000000-0000-0000-0000-000000000000",
"Description": "string",
"RoleId": 0,
"SysRole": "none"
}
]

Creates a User

Role required: Global Administrator, Tenant Administrator, or Account Manager.

TenantId is not required when a Global Administrator creates another Global Administrator.

If EMA installed in Windows Domain Authentication mode, the Username used for registering a new user must be its User Principle Name (UPN).

Username must be in an email address format.

Creating a 'Locked' user is not allowed. The 'Enabled' property should always be passed as 'true'

Password is required only when EMA is not installed in Windows Domain Authentication mode.

Password Requirements

--between 8 characters and 255 characters
--contains at least one number
--contains both lowercase and uppercase alpha characters
--contains at least one special character

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

User object to be created

UserId	string <uuid>
Username required	string
Enabled required	boolean
TenantId	string <uuid>
Description required	string
Password	string
RoleId required	integer <int32>

Responses

Request samples

Payload

Content type

{"UserId": "00000000-0000-0000-0000-000000000000",
"Username": "string",
"Enabled": true,
"TenantId": "00000000-0000-0000-0000-000000000000",
"Description": "string",
"Password": "string",
"RoleId": 0
}

Response samples

200

Content type

{"UserId": "00000000-0000-0000-0000-000000000000",
"Username": "string",
"CreatedOn": "2019-08-24T14:15:22Z",
"CreatedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"ModifiedBy": "00000000-0000-0000-0000-000000000000",
"Enabled": true,
"TenantId": "00000000-0000-0000-0000-000000000000",
"Description": "string",
"RoleId": 0,
"SysRole": "none"
}

Gets the details of a User by ID.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User. Endpoint Group Users can see only their own information.

path Parameters

userId

required

string

User ID. Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Responses

Response samples

200

Content type

{"UserId": "00000000-0000-0000-0000-000000000000",
"Username": "string",
"CreatedOn": "2019-08-24T14:15:22Z",
"CreatedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"ModifiedBy": "00000000-0000-0000-0000-000000000000",
"Enabled": true,
"TenantId": "00000000-0000-0000-0000-000000000000",
"Description": "string",
"RoleId": 0,
"SysRole": "none"
}

Updates a User by ID.

Role required: Global Administrator, Tenant Administrator, or Account manager.

Only Description, RoleId, and Enabled can be updated, except for TenantId if converting a user from a Global Admin to a Tenant User. All other fields are ignored.

TenantId is required if the target user is changed to a Tenant user role (i.e., a role that is not a Global Admin).

Manually locking a user by changing the 'Enabled' property to 'false' is not currently supported.

path Parameters

userId

required

string

User ID. Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

UserId required	string <uuid>
Username	string
CreatedOn	string <date-time>
CreatedBy	string <uuid>
ModifiedOn	string <date-time>
ModifiedBy	string <uuid>
Enabled required	boolean
TenantId	string <uuid>
Description required	string
RoleId required	integer <int32>
SysRole	string Enum: "none" "globalAdministrator" "tenantAdministrator" "accountManager" "endpointGroupsCreator" "endpointGroupsUser"

Responses

Request samples

Payload

Content type

{"UserId": "00000000-0000-0000-0000-000000000000",
"Username": "string",
"CreatedOn": "2019-08-24T14:15:22Z",
"CreatedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"ModifiedBy": "00000000-0000-0000-0000-000000000000",
"Enabled": true,
"TenantId": "00000000-0000-0000-0000-000000000000",
"Description": "string",
"RoleId": 0,
"SysRole": "none"
}

Response samples

200

Content type

{"UserId": "00000000-0000-0000-0000-000000000000",
"Username": "string",
"CreatedOn": "2019-08-24T14:15:22Z",
"CreatedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"ModifiedBy": "00000000-0000-0000-0000-000000000000",
"Enabled": true,
"TenantId": "00000000-0000-0000-0000-000000000000",
"Description": "string",
"RoleId": 0,
"SysRole": "none"
}

Deletes a User by ID.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

All users can delete their own accounts. Global Administrators can delete any user account from any Tenant. Tenant Administrators can delete any user account from the same Tenant. Account Managers can delete any user having the primary role of Account Manager, Endpoint Group Creator, or Endpoint Group User from the same Tenant.

path Parameters

userId

required

string

Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Responses

Gets the details of a User by username.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User. Endpoint Group Users can see only their own information.

query Parameters

username

string

Responses

Response samples

200

Content type

{"UserId": "00000000-0000-0000-0000-000000000000",
"Username": "string",
"CreatedOn": "2019-08-24T14:15:22Z",
"CreatedBy": "00000000-0000-0000-0000-000000000000",
"ModifiedOn": "2019-08-24T14:15:22Z",
"ModifiedBy": "00000000-0000-0000-0000-000000000000",
"Enabled": true,
"TenantId": "00000000-0000-0000-0000-000000000000",
"Description": "string",
"RoleId": 0,
"SysRole": "none"
}

Set a User's password.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User.

Global Administrators can reset the passwords of all Users without providing their current passwords. Tenant Administrators can reset the passwords of Users in the same Tenant without providing their current passwords. All other users need to provide their current passwords to reset them.

Password is required only when EMA is not installed in Windows Domain Authentication mode.

Password Requirements

--between 8 characters and 255 characters
--contains at least one number
--contains both lowercase and uppercase alpha characters
--contains at least one special character

path Parameters

userId

required

string

User ID. Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

CurrentPassword	string
NewPassword required	string.(?=^.{8,255}$)(?=.\d)(?=.[a-z])(?=.[A-Z]...

Responses

Request samples

Payload

Content type

{"CurrentPassword": "string",
"NewPassword": "string"
}

WifiSetups

Gets a collection of WifiSetups.

Role required: Tenant Administrator, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

200

Content type

[{"WifiSetupId": 0,
"SetupName": "string",
"Priority": 0,
"SSID": "string",
"EncryptionAlgorithm": "tKIP",
"KeyManagementProtocol": "wPAPSK",
"Passphrase": "string",
"TenantId": "string",
"_802_1_SetupLookupKey": 0
}
]

Creates a WifiSetup to be used by AMT Profiles.

Role required: Tenant Administrator

When the KeyManagementProtocol is WPAPSK or WPA2PSK, Passphrase is required, and _802_1_SetupLookupKey is not needed and will be set to null. When the KeyManagementProtocol is WPAIEEE802_1 or WPA2IEEE802_1, _802_1_SetupLookupKey is required, and Passphrase is not needed and will be set to nul.

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

WifiSetup object to create

SetupName required	string
Priority required	integer <int32>
SSID required	string
EncryptionAlgorithm required	string Enum: "tKIP" "cCMP"
KeyManagementProtocol required	string Enum: "wPAPSK" "wPAIEEE802_1" "wPA2PSK" "wPA2IEEE802_1"
Passphrase	string
TenantId	string
_802_1_SetupLookupKey	integer <int32>

Responses

Request samples

Payload

Content type

{"SetupName": "string",
"Priority": 0,
"SSID": "string",
"EncryptionAlgorithm": "tKIP",
"KeyManagementProtocol": "wPAPSK",
"Passphrase": "string",
"TenantId": "string",
"_802_1_SetupLookupKey": 0
}

Response samples

200

Content type

{"WifiSetupId": 0,
"SetupName": "string",
"Priority": 0,
"SSID": "string",
"EncryptionAlgorithm": "tKIP",
"KeyManagementProtocol": "wPAPSK",
"Passphrase": "string",
"TenantId": "string",
"_802_1_SetupLookupKey": 0
}

Gets a WiFiSetup by ID.

Role required: Tenant Administrator, Endpoint Group Creator, or Endpoint Group User

path Parameters

wifiSetupId

required

integer <int32>

WifiSetup ID

Responses

Response samples

200

Content type

{"WifiSetupId": 0,
"SetupName": "string",
"Priority": 0,
"SSID": "string",
"EncryptionAlgorithm": "tKIP",
"KeyManagementProtocol": "wPAPSK",
"Passphrase": "string",
"TenantId": "string",
"_802_1_SetupLookupKey": 0
}

Updates a WiFiSetup by ID.

Role required: Tenant Administrator

When the KeyManagementProtocol is WPAPSK or WPA2PSK and the original KeyManagementProtocol is WPAPSK or WPA2PSK, Passphrase is optional, and _802_1_SetupLookupKey is not needed and will be set to null internally. If Passphrase is not provided or empty, the original Passphrase will be used. When the KeyManagementProtocol is WPAPSK or WPA2PSK and the original KeyManagementProtocol is WPAIEEE802_1 or WPA2IEEE802_1, Passphrase is required, and _802_1_SetupLookupKey is not needed and will be set to null internally. When the KeyManagementProtocol is WPAIEEE802_1 or WPA2IEEE802_1, _802_1_SetupLookupKey is required, and Passphrase is not needed and will be set to null internally.

path Parameters

wifiSetupId

required

integer <int32>

WifiSetup ID

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

WifiSetup object to update

WifiSetupId required	integer <int32>
SetupName required	string
Priority required	integer <int32>
SSID required	string
EncryptionAlgorithm required	string Enum: "tKIP" "cCMP"
KeyManagementProtocol required	string Enum: "wPAPSK" "wPAIEEE802_1" "wPA2PSK" "wPA2IEEE802_1"
Passphrase	string
TenantId	string
_802_1_SetupLookupKey	integer <int32>

Responses

Request samples

Payload

Content type

{"WifiSetupId": 0,
"SetupName": "string",
"Priority": 0,
"SSID": "string",
"EncryptionAlgorithm": "tKIP",
"KeyManagementProtocol": "wPAPSK",
"Passphrase": "string",
"TenantId": "string",
"_802_1_SetupLookupKey": 0
}

Response samples

200

Content type

{"WifiSetupId": 0,
"SetupName": "string",
"Priority": 0,
"SSID": "string",
"EncryptionAlgorithm": "tKIP",
"KeyManagementProtocol": "wPAPSK",
"Passphrase": "string",
"TenantId": "string",
"_802_1_SetupLookupKey": 0
}

Deletes a WiFiSetup by ID.

Role required: Tenant Administrator

path Parameters

wifiSetupId

required

integer <int32>

WifiSetup ID

REST API for Intel(R) Endpoint Management Assistant V5 (v5)

802.1XSetups

Gets a collection of 802.1X Setups

Responses

Response samples

Creates an 802.1X Setup to be used by WifiSetup and Wired802.1X in AMT Profiles.

Request Body schema: application/jsonapplication/jsontext/jsonapplication/xmltext/xmlapplication/x-www-form-urlencoded

Responses

Request samples

Response samples

Gets an 802.1X Setup by ID.

path Parameters

Responses

Response samples

Updates an 802.1X Setup by ID.

path Parameters

Request Body schema: application/jsonapplication/jsontext/jsonapplication/xmltext/xmlapplication/x-www-form-urlencoded

Responses

Request samples

Response samples

Deletes an 802.1X Setup by ID.

path Parameters

Responses

Gets a collection of Certificate Authorities found in the current Windows domain.

Responses

Response samples

AccessTokens

Gets a new Access Token.

Responses

Response samples

Gets a new Access Token using Windows Authentication credentials.

Responses

Response samples

Gets a new Access Token using Windows username and password. The Windows username needs to be the User Principal Name (UPN) in Active Directory.

Request Body schema: application/jsonapplication/jsontext/jsonapplication/xmltext/xmlapplication/x-www-form-urlencoded

Responses

Request samples

Response samples

Method to delete expired or unused tokens

Responses

Response samples

Gets CSRF token pair set in cookies.

Responses

Response samples

Agents

Gets the latest agent executable for Win32Console

Responses

Response samples

Gets the latest agent installer for Win32Service

Responses

Response samples

Gets the latest agent executable for Win64Console

Responses

Response samples

Gets the latest agent installer for Win64Service

Responses

Response samples

AjaxCookies

Gets an Ajax cookie.

Responses

Response samples

AmtCredentials

Returns the Amt admin credentials or MEBx password, based on credential type defined in the query string, for a provisioned endpoint if its associated AmtSetup record is found in the database

path Parameters

query Parameters

Responses

Response samples

AmtProfiles

Gets a list of AMT Profile summaries.

Responses

Response samples

Creates an AMT Profile.

Request Body schema: application/jsonapplication/jsontext/jsonapplication/xmltext/xmlapplication/x-www-form-urlencoded

Responses

Request samples

Response samples

Gets an AMT Profile by ID.

path Parameters

Responses

Response samples

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded

Request Body schema:
application/json
application/json
text/json
application/xml
text/xml
application/x-www-form-urlencoded