REST API for Intel(R) Endpoint Management Assistant V5 (v5)

Download OpenAPI specification:Download

This API uses the OAuth2 Resource Owner Password Credentials flow with token path: base URL + /api/token

802.1XSetups

Gets a collection of 802.1X Setups

Role required: Tenant Administrator, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

Content type
[
  • {
    }
]

Creates an 802.1X Setup to be used by WifiSetup and Wired802.1X in AMT Profiles.

Role required: Tenant Administrator

Setup properties:

TenantId: This field is not required for this operation. If provided, it will be ignored.

PSK: This value, if provided, must be an OctetString (convertible to a byte array).

ProtectedAccessCredential: This value, if provided, must be an OctetString (convertible to a byte array).

AuthenticationProtocol: Currently, only the 0=EAP_TLS option is fully supported.

ClientAuthenticationSettings.DesignatedSubjectCN: The default value for this property is 4=UserPrincipalName. This is the Subject set in the client certificate and the user name required by the Network Policy Server (NPS), which is the RADIUS implementation by Microsoft.

Request Body schema:
TenantId
string <uuid>
SetupId
integer <int32>
SetupName
required
string
required
object (IEEE8021x_Settings)

Responses

Request samples

Content type
{
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "SetupId": 0,
  • "SetupName": "string",
  • "Data": {
    }
}

Response samples

Content type
{
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "SetupId": 0,
  • "SetupName": "string",
  • "Data": {
    }
}

Gets an 802.1X Setup by ID.

Role required: Tenant Administrator, Endpoint Group Creator, or Endpoint Group User

path Parameters
_802_1XSetupId
required
integer <int32>

802.1X Setup ID

Responses

Response samples

Content type
{
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "SetupId": 0,
  • "SetupName": "string",
  • "Data": {
    }
}

Updates an 802.1X Setup by ID.

Role required: Tenant Administrator

Setup properties:

TenantId: This field is not required for this operation. If provided, it will be ignored.

PSK: This value, if provided, must be an OctetString (convertible to a byte array).

ProtectedAccessCredential: This value, if provided, must be an OctetString (convertible to a byte array).

AuthenticationProtocol: Currently, only the 0=EAP_TLS option is fully supported.

ClientAuthenticationSettings.DesignatedSubjectCN: The default value for this property is 4=UserPrincipalName. This is the Subject set in the client certificate and the user name required by the Network Policy Server (NPS), which is the RADIUS implementation by Microsoft.

path Parameters
_802_1XSetupId
required
integer <int32>

802_1X Setup ID

Request Body schema:

802_1X Setup object to update

TenantId
string <uuid>
SetupId
integer <int32>
SetupName
required
string
required
object (IEEE8021x_Settings)

Responses

Request samples

Content type
{
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "SetupId": 0,
  • "SetupName": "string",
  • "Data": {
    }
}

Response samples

Content type
{
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "SetupId": 0,
  • "SetupName": "string",
  • "Data": {
    }
}

Deletes an 802.1X Setup by ID.

Role required: Tenant Administrator

path Parameters
_802_1XSetupId
required
integer <int32>

802.1X Setup ID

Responses

Gets a collection of Certificate Authorities found in the current Windows domain.

Role required: Tenant Administrator

Responses

Response samples

Content type
[
  • {
    }
]

AccessTokens

Gets a new Access Token.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User.

This method provides Users the means to obtain a new Access Token before their current one expires.

Responses

Response samples

Content type
{
  • "access_token": "string",
  • "token_type": "string",
  • "expires_in": 0,
  • "userName": "string",
  • "issued": "string",
  • "expires": "string"
}

Gets a new Access Token using Windows Authentication credentials.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

This method will only grant an Access Token under the following conditions:

  1. EMA must be installed with Windows Domain Authentication mode.
  2. The EMA server must be joined to an Active Directory domain.
  3. The caller must have an EMA account with a username that maps to a User Principal Name in Active Directory.

Responses

Response samples

Content type
{
  • "access_token": "string",
  • "token_type": "string",
  • "expires_in": 0,
  • "userName": "string",
  • "issued": "string",
  • "expires": "string"
}

Gets a new Access Token using Windows username and password. The Windows username needs to be the User Principal Name (UPN) in Active Directory.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User. This method provides Users the means to obtain a new Access Token using Windows username and password. This method will only grant an Access Token under the following conditions:

  1. EMA must be installed with Windows Domain Authentication mode.
  2. The caller must have an EMA account with a username that maps to a User Principal Name in Active Directory.
Request Body schema:
Upn
required
string
Password
required
string

Responses

Request samples

Content type
{
  • "Upn": "string",
  • "Password": "string"
}

Response samples

Content type
{
  • "access_token": "string",
  • "token_type": "string",
  • "expires_in": 0,
  • "userName": "string",
  • "issued": "string",
  • "expires": "string"
}

Method to delete expired or unused tokens

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

Content type
{ }

Gets CSRF token pair set in cookies.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User.

This method provides Users the means to get new CSRF token pair set in cookies.

Responses

Response samples

Content type
{ }

Agents

Gets the latest agent executable for Win32Console

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

Content type
{ }

Gets the latest agent installer for Win32Service

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

Content type
{ }

Gets the latest agent executable for Win64Console

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

Content type
{ }

Gets the latest agent installer for Win64Service

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

Content type
{ }

AjaxCookies

Gets an Ajax cookie.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

Content type
{
  • "cookie": "string",
  • "expireTime": "2019-08-24T14:15:22Z"
}

AmtCredentials

Returns the Amt admin credentials or MEBx password, based on credential type defined in the query string, for a provisioned endpoint if its associated AmtSetup record is found in the database

Roles required: Tenant Administrator, Endpoint Group Creator or Endpoint Group User with execute right to the endpoint

When returning MEBx password, the username field in AMT credentials is always null

path Parameters
endpointId
required
string

Hex string with 64 characters and without the 0x prefix

query Parameters
credentialType
string

Can be 'mebx' or 'admin', it is a case sensitive string

Responses

Response samples

Content type
{
  • "userName": "string",
  • "password": "string"
}

AmtProfiles

Gets a list of AMT Profile summaries.

Role required: Tenant Administrator, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

Content type
[
  • {
    }
]

Creates an AMT Profile.

Role required: Tenant Administrator or Endpoint Group Creator

The following defines the profile object's optional parameters and their default values. If no argument is provided for an optional parameter, then its default value is used.

  1. TlsAuthType: 1 = TlsNoAuth. If this is set to NoTLS, you need to specify the CIRASettings.
  2. PowerPackageSettings.PowerActiveOn: 1 = AlwaysOnInAc.
  3. PowerPackageSettings.PowerStateIdleTimeoutInMinutes: 1.
  4. ManagementInterfacesSettings.WebUIServiceEnabledState: 2 = Enabled.
  5. ManagementInterfacesSettings.KVMInterfaceState: 2 = Enabled.
  6. ManagementInterfacesSettings.UserConsentRequired: 4294967295 = All.
  7. ManagementInterfacesSettings.SOLEnabled: true.
  8. ManagementInterfacesSettings.IDEREnabled: true.
  9. ManagementInterfacesSettings.RedirectionServiceState: SOLEnabled=true and [IDEREnabled=true: 32771(IderOnSolOn); IDEREnabled=false: 32770(IderOffSolOn)]; SOLEnabled=false and [IDEREnabled=true: 32769(IderOnSolOff); IDEREnabled=false: 32768(Disabled)].
  10. FqdnSettings.FqdnSource: 0 = SharedWithHostOS.
  11. IpSettings.DHCPEnabled: true.
  12. IpSettings.SharedStaticIp: false.
  13. IpSettings.Source: 0 = DHCP.
  14. WiFiConnectionSettings.WiFiSetups: Empty collection (it is optional only if WiFiConnectionSettings.WiFiConnectionEnabledConfiguration=0)
  15. Wired802_1XSettings: An object containing _802_1Setup_DBLookupKey=null.
  16. CIRASettings (the whole object): null.
  17. CIRASettings.CIRATunnel: false.
  18. CIRASettings.EnvironmentDetectionDomainSuffix: Value to disable CIRA when the target system is in this network domain when CIRATunnel=true; Empty string when CIRATunnel=false.
  19. CIRASettings.CIRAProxies (the whole object): Empty collection.
Request Body schema:

AMT Profile object to create

Name
required
string
Description
required
string
TlsAuthType
string
Enum: "noTLS" "tlsNoAuth" "tlsRemoteAuth" "tlsLocalAuth" "tlsAuth"

An integer representing TLS Authentication Mode. Current supported modes are 'noTLS' (TLS disabled) and 'TlsNoAuth' (TLS enabled, no authentication mode)

required
object (Power)
required
object (ManagementInterfaces)
required
object (FQDNSettings)
required
object (IPSettings)
required
object (WiFiConnection)
object (Wired802_1X)
object (CIRASettings)

Responses

Request samples

Content type
{
  • "Name": "string",
  • "Description": "string",
  • "TlsAuthType": "noTLS",
  • "PowerPackageSettings": {
    },
  • "ManagementInterfacesSettings": {
    },
  • "FqdnSettings": {
    },
  • "IpSettings": {
    },
  • "WiFiConnectionSettings": {
    },
  • "Wired802_1XSettings": {
    },
  • "CIRASettings": {
    }
}

Response samples

Content type
{
  • "AmtProfileId": 0,
  • "TenantId": "string",
  • "Name": "string",
  • "Description": "string",
  • "TlsAuthType": "noTLS",
  • "PowerPackageSettings": {
    },
  • "ManagementInterfacesSettings": {
    },
  • "FqdnSettings": {
    },
  • "IpSettings": {
    },
  • "WiFiConnectionSettings": {
    },
  • "Wired802_1XSettings": {
    },
  • "CIRASettings": {
    }
}

Gets an AMT Profile by ID.

Role required: Tenant Administrator, Endpoint Group Creator, or Endpoint Group User

path Parameters
amtProfileId
required
integer <int32>

AMT Profile ID

Responses

Response samples

Content type
{
  • "AmtProfileId": 0,
  • "TenantId": "string",
  • "Name": "string",
  • "Description": "string",
  • "TlsAuthType": "noTLS",
  • "PowerPackageSettings": {
    },
  • "ManagementInterfacesSettings": {
    },
  • "FqdnSettings": {
    },
  • "IpSettings": {
    },
  • "WiFiConnectionSettings": {
    },
  • "Wired802_1XSettings": {
    },
  • "CIRASettings": {
    }
}

Updates an AMT Profile by ID.

Role required: Tenant Administrator or Endpoint Group Creator

The properties AmtProfileId and TenantId are readonly and cannot be updated.

The following list defines the default values that would be used for any optional parameters if they are omitted from the profile object:

  1. TlsAuthType: 1 = TlsNoAuth. If this is set to NoTLS, you need to specify the CIRASettings.
  2. PowerPackageSettings.PowerActiveOn: 1 = AlwaysOnInAc.
  3. PowerPackageSettings.PowerStateIdleTimeoutInMinutes: 1.
  4. ManagementInterfacesSettings.WebUIServiceEnabledState: 2 = Enabled.
  5. ManagementInterfacesSettings.KVMInterfaceState: 2 = Enabled.
  6. ManagementInterfacesSettings.UserConsentRequired: 4294967295 = All.
  7. ManagementInterfacesSettings.SOLEnabled: true.
  8. ManagementInterfacesSettings.IDEREnabled: true.
  9. ManagementInterfacesSettings.RedirectionServiceState: SOLEnabled=true and [IDEREnabled=true: 32771(IderOnSolOn); IDEREnabled=false: 32770(IderOffSolOn)]; SOLEnabled=false and [IDEREnabled=true: 32769(IderOnSolOff); IDEREnabled=false: 32768(Disabled)].
  10. FqdnSettings.FqdnSource: 0 = SharedWithHostOS.
  11. IpSettings.DHCPEnabled: true.
  12. IpSettings.SharedStaticIp: false.
  13. IpSettings.Source: 0 = DHCP.
  14. WiFiConnectionSettings.WiFiSetups: Empty collection (it is optional only if WiFiConnectionSettings.WiFiConnectionEnabledConfiguration=0)
  15. Wired802_1XSettings: An object containing _802_1Setup_DBLookupKey=null.
  16. CIRASettings (the whole object): null.
  17. CIRASettings.CIRATunnel: false.
  18. CIRASettings.EnvironmentDetectionDomainSuffix: Value to disable CIRA when the target system is in this network domain when CIRATunnel=true; Empty string when CIRATunnel=false.
  19. CIRASettings.CIRAProxies (the whole object): Empty collection.
path Parameters
amtProfileId
required
integer <int32>

AMT Profile ID

Request Body schema:

AMT Profile object with updates

AmtProfileId
required
integer <int32>
TenantId
string
Name
required
string
Description
required
string
TlsAuthType
string
Enum: "noTLS" "tlsNoAuth" "tlsRemoteAuth" "tlsLocalAuth" "tlsAuth"

An integer representing TLS Authentication Mode. Current supported modes are 'noTLS' (TLS disabled) and 'TlsNoAuth' (TLS enabled, no authentication mode)

required
object (Power)
required
object (ManagementInterfaces)
required
object (FQDNSettings)
required
object (IPSettings)
required
object (WiFiConnection)
object (Wired802_1X)
object (CIRASettings)

Responses

Request samples

Content type
{
  • "AmtProfileId": 0,
  • "TenantId": "string",
  • "Name": "string",
  • "Description": "string",
  • "TlsAuthType": "noTLS",
  • "PowerPackageSettings": {
    },
  • "ManagementInterfacesSettings": {
    },
  • "FqdnSettings": {
    },
  • "IpSettings": {
    },
  • "WiFiConnectionSettings": {
    },
  • "Wired802_1XSettings": {
    },
  • "CIRASettings": {
    }
}

Response samples

Content type
{
  • "AmtProfileId": 0,
  • "TenantId": "string",
  • "Name": "string",
  • "Description": "string",
  • "TlsAuthType": "noTLS",
  • "PowerPackageSettings": {
    },
  • "ManagementInterfacesSettings": {
    },
  • "FqdnSettings": {
    },
  • "IpSettings": {
    },
  • "WiFiConnectionSettings": {
    },
  • "Wired802_1XSettings": {
    },
  • "CIRASettings": {
    }
}

Deletes an AMT Profile by ID.

Role required: Tenant Administrator or Endpoint Group Creator

path Parameters
amtProfileId
required
integer <int32>

AMT Profile ID

Responses

AmtProfileToEndpointGroupsAssignments

Gets a list of Endpoint Groups associated with a given AmtProfileId.

Role required: Tenant Administrator, Endpoint Group Creator, or Endpoint Group User

404 will be returned if AmtProfileId is not found.

path Parameters
amtProfileId
required
integer <int32>

AMT Profile ID

Responses

Response samples

Content type
{
  • "EndpointGroupCount": 0,
  • "AccessibleEndpointGroups": [
    ]
}

AmtProvisioningCertificates

Gets a collection certificates required for AMT provisioning

Role required: Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

Content type
[
  • {
    }
]

Gets a certificate used for AMT provisioning by ID

Role required: Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

path Parameters
amtCertificateId
required
integer <int32>

Responses

Response samples

Content type
{
  • "AmtCertificateId": 0,
  • "Name": "string",
  • "CommonName": "string",
  • "NotBefore": "2019-08-24T14:15:22Z",
  • "NotAfter": "2019-08-24T14:15:22Z",
  • "HasPrivateKey": true,
  • "Thumbprint": "string",
  • "IsAmtProvisioningCert": true,
  • "InUseByAmtProfile": true,
  • "Pem": "string",
  • "Enabled": true,
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "CreatedOn": "2019-08-24T14:15:22Z",
  • "CreatedBy": "00000000-0000-0000-0000-000000000000",
  • "ModifiedOn": "2019-08-24T14:15:22Z",
  • "ModifiedBy": "00000000-0000-0000-0000-000000000000"
}

Deletes a certificate used for AMT provisioning, as well as the next ones in the chain serially if they are not a part of another chain.

Role required: Tenant Administrator

path Parameters
amtCertificateId
required
integer <int32>

Responses

Gets the .CER file of an AMT provisioning certificate, or a certificate in its chain, by ID

Role required: Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

The filename of the .CER file will will be specified in the "filename" parameter of the "Content-Disposition" header.

path Parameters
amtCertificateId
required
integer <int32>

Responses

Upload .PFX of AMT provisioning certificate

Role required: Tenant Administrator

To import an AMT provisioning certificate, POST with enctype "multipart/form-data", the .PFX file attached, and the following parameters:
name: certificate nickname
password: password for the .PFX file

Responses

Response samples

Content type
[
  • {
    }
]

Upload .PFX general certificates

Role required: Tenant Administrator

To import an certificate, POST with enctype "multipart/form-data", the .PFX file attached, and the following parameters:
name: certificate nickname
password: password for the .PFX file

Responses

Response samples

Content type
[
  • {
    }
]

AmtSetups

Gets the AmtSetup (or provisioning record) of an Endpoint

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with View right to the resource.

path Parameters
amtSetupId
required
string

Use value of EndpointId. Hex string with 64 characters and without the 0x prefix

Responses

Response samples

Content type
{
  • "AmtSetupId": "string",
  • "Type": "auto",
  • "PID": "string",
  • "Creation": "2019-08-24T14:15:22Z",
  • "SetsRandomMebxPassword": true,
  • "Profile": {
    },
  • "State": "creation",
  • "StateString": "string",
  • "ExtraAmtInfo": {
    },
  • "AmtProfileId": 0
}

Deletes the AmtSetup (or provisioning record) of an Endpoint

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Execute right to the endpoint.

path Parameters
amtSetupId
required
string

Use value of EndpointId. Hex string with 64 characters and without the 0x prefix

Responses

Gets the AmtSetup (or auto-provisioning setting) of an Endpoint Group

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with View right to the resource.

path Parameters
amtSetupId
required
string

Use value of EndpointGroupId. Hex string with 64 characters and without the 0x prefix

Responses

Response samples

Content type
{
  • "AmtSetupId": "string",
  • "Type": "auto",
  • "PID": "string",
  • "Creation": "2019-08-24T14:15:22Z",
  • "SetsRandomMebxPassword": true,
  • "Profile": {
    },
  • "State": "creation",
  • "StateString": "string",
  • "ExtraAmtInfo": {
    },
  • "AmtProfileId": 0
}

Deletes the AmtSetup (or auto-provisioning setting) of an Endpoint Group

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Execute right to the endpoint.

path Parameters
amtSetupId
required
string

Use value of EndpointGroupId. Hex string with 64 characters and without the 0x prefix

Responses

Submits a request to provision an AMT Endpoint

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Execute right to the endpoint.

Certificate provisioning will be requested only if an AMTProvisioningCertificateId is provided, otherwise host-based-provisioning will be requested.

AdminCredential.Password requirements:

between 8 and 31 characters
contains at least one number
contains both lowercase and uppercase alpha characters
contains at least one special character: '!', '@', '#', '$', '%', '^', '&amp;', '*', '(', ')', '-', '+'

CiraIntranetSuffix is applicable only when UsesCira is set to true. The value is a string of up to four comma separated domain name suffixes.

UsesTLS and UsesCira cannot be both true or both false. You need to choose one.

Request Body schema:

AMT Setup request object

EndpointId
required
string 64 characters
UsesTls
required
boolean
UsesCira
required
boolean
SetsRandomMebxPassword
boolean

If true, MEBx password must be created randomly and set in Firmware

UsesEmaAccount
required
boolean
CiraIntranetSuffix
string
required
object (AdminCredential)
AmtCertificateId
integer <int32> [ 1 .. 2147483647 ]

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri",
  • "UsesTls": true,
  • "UsesCira": true,
  • "SetsRandomMebxPassword": true,
  • "UsesEmaAccount": true,
  • "CiraIntranetSuffix": "string",
  • "AdminCredential": {
    },
  • "AmtCertificateId": 1
}

Response samples

Content type
{
  • "AmtSetupId": "string",
  • "Type": "auto",
  • "PID": "string",
  • "Creation": "2019-08-24T14:15:22Z",
  • "SetsRandomMebxPassword": true,
  • "Profile": {
    },
  • "State": "creation",
  • "StateString": "string",
  • "ExtraAmtInfo": {
    },
  • "AmtProfileId": 0
}

Submits a request to unprovision an AMT Endpoint

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Execute right to the endpoint.

Warning: This operation will reset the AMT device to factory settings!

The AMT admin password is optional and should only be used to unprovision an AMT endpoint that was provisioned outside of EMA, or that has no AmtSetup (or Provisioning Record) in the database.

If the AMT Endpoint was provisioned with EMA, and the corresponding AmtSetup record is in the database, then the AMT admin password is unnecessary.

AdminCredential.Password requirements:

--between 8 and 32 characters
--contains at least one number
--contains both lowercase and uppercase alpha characters
--contains at least one special character
Request Body schema:

An unprovision AMT request

EndpointId
required
string 64 characters
object (AdminCredential)

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri",
  • "AdminCredential": {
    }
}

Sets AMT auto-provisioning for an Endpoint Group.

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Execute right to the endpoint.

For certificate provisioning, provide an AmtCertificateId in the request, otherwise Host-based-provisioning will be set.

To unset auto-provisioning, delete the AmtSetup record using the EndpointGroupId as AmtSetupId.

Request Body schema:
EndpointGroupId
required
string
AmtProfileId
required
integer <int32> [ 1 .. 2147483647 ]
SetsRandomMebxPassword
boolean

If true, MEBx password must be created randomly and set in Firmware

required
object (AdminCredential)
UsesEmaAccount
required
boolean
AmtCertificateId
integer <int32>

Responses

Request samples

Content type
{
  • "EndpointGroupId": "string",
  • "AmtProfileId": 1,
  • "SetsRandomMebxPassword": true,
  • "AdminCredential": {
    },
  • "UsesEmaAccount": true,
  • "AmtCertificateId": 0
}

Response samples

Content type
{
  • "AmtSetupId": "string",
  • "Type": "auto",
  • "PID": "string",
  • "Creation": "2019-08-24T14:15:22Z",
  • "SetsRandomMebxPassword": true,
  • "Profile": {
    },
  • "State": "creation",
  • "StateString": "string",
  • "ExtraAmtInfo": {
    },
  • "AmtProfileId": 0
}

AuditEvents

Gets a list of Audit Events filterable by optional query string parameters.

Roles required: Global Administrator, Tenant Administrator

Note: Global Administrators can only access Audit Events not associated with a TenantId.

Timestamps are recorded in UTC. Use UTC format when filtering with startDateTime and/or endDateTime. For example, "2020-01-29T15:10:38.017Z"

query Parameters
resourceName
string

Resource Name of Audit Events

resourceId
string

Resource Id of Audit Events

callerName
string

Caller Name of Audit Events

callerId
string <uuid>

Caller Id of Audit Events

source
string
Enum: "Unknown" "Reserved1" "SwarmServer" "AjaxServer" "WebApi" "RecoveryServer" "ManageabilityServer" "FileActionsServer" "PlatformManager"

Source (enum) of Audit Events. If the value is a string and the string is not a valid string name of the enumeration item, it will be ignored.

action
string
Enum: "NoAction" "Login" "Logout" "PageLoad" "Starting" "Stopping" "CreateAjaxCookie" "CreateRoutingCookie" "NewMesh" "PowerAction" "AccountDelete" "MeshDelete" "NodeDelete" "AlertMessage" "HttpRedirect" "TcpRedirect" "TestEvent" "AjaxKVM" "AjaxTerminal" "AjaxFiles" "WebSocketDirect" "WebSocketManagement" "Stats" "FileDownload" "FileUpload" "AddAccess" "RemoveAccess" "AmtProvisioningRecordSet" "AmtProvisioningRecordClear" "AmtProvisioningRecordAttempt" "AmtProvisioningRecordUsed" "AmtProvisioningRecordFail" "AgentConnect" "UserFeedback" "UserNodeEvent" "UserMeshEvent" "UserEvent" "AmtRedirectError" "AmtPowerActionSuccess" "AmtPowerActionFailed" "Translation" "NodeEvent" "AgentUninstalled" "NodeMovedToDifferentMesh" "ProcessAmtPreCheck" "UnexpectedError" "NewUser" "EditUser" "RemoveUser" "NewTenant" "EditTenant" "RemoveTenant" "NewGroup" "EditGroup" "RemoveGroup" "UsersInGroupAdded" "UsersInGroupRemoved" "NewRole" "UserRoleChange" "UserAddedToGroup" "UserRemovedFromGroup" "BaseRolesCreated" "AccessDenied" "WebApiEvent" "WMI" "FileDeliver" "FileExecution" "FileSearch" "FileShortOps" "New802_1xSetup" "Edit802_1xSetup" "Delete802_1xSetup" "AMTDiscovery_ByIP" "AMTDiscovery_ByIPAutomatically" "AMTDiscovery_Cancel" "AMTDiscovery_BySubnet" "AMTDiscovery_BySubnetAutomatically" "AMTDiscovery_ByIPRange" "AMTDiscovery_ByIPRangeAutomatically" "AMTDiscovery_ByLocalBroadcast" "AMTDiscovery_ByLocalBroadcastAutomatically" "NewAmtProfile" "EditAmtProfile" "DeleteAmtProfile" "NewAmtProvisioningCertificate" "NewGeneralCertificate" "DeleteAmtProvisioningCertificate" "DeleteManualProvisioning_AMTSetup" "DeleteAutoProvisioning_AMTSetup" "Provision_AMTSetup" "Unprovision_AMTSetup" "AutoProvisioningForEndpointGroup_AMTSetup" "MeshUpdate" "EndpointIBOperation_Reboot" "EndpointIBOperation_Sleep" "EndpointIBOperation_Hibernate" "EndpointIBOperation_Shutdown" "EndpointIBOperation_Alert" "EndpointOOBOperation_Multiple_PowerOn" "EndpointOOBOperation_Multiple_SleepLight" "EndpointOOBOperation_Multiple_SleepDeep" "EndpointOOBOperation_Multiple_PowerCycleOffSoft" "EndpointOOBOperation_Multiple_PowerOffHard" "EndpointOOBOperation_Multiple_Hibernate" "EndpointOOBOperation_Multiple_PowerOffSoft" "EndpointOOBOperation_Multiple_PowerCycleOffHard" "EndpointOOBOperation_Multiple_MasterBusReset" "EndpointOOBOperation_Multiple_PowerOffSoftGraceful" "EndpointOOBOperation_Multiple_PowerOffHardGraceful" "EndpointOOBOperation_Multiple_MasterBusResetGraceful" "EndpointOOBOperation_Multiple_PowerCycleOffSoftGraceful" "EndpointOOBOperation_Multiple_PowerCycleOffHardGraceful" "EndpointOOBOperations_Single_PowerOn" "EndpointOOBOperations_Single_SleepLight" "EndpointOOBOperations_Single_SleepDeep" "EndpointOOBOperations_Single_PowerCycleOffSoft" "EndpointOOBOperations_Single_PowerOffHard" "EndpointOOBOperations_Single_Hibernate" "EndpointOOBOperations_Single_PowerOffSoft" "EndpointOOBOperations_Single_PowerCycleOffHard" "EndpointOOBOperations_Single_MasterBusReset" "EndpointOOBOperations_Single_PowerOffSoftGraceful" "EndpointOOBOperations_Single_PowerOffHardGraceful" "EndpointOOBOperations_Single_MasterBusResetGraceful" "EndpointOOBOperations_Single_PowerCycleOffSoftGraceful" "EndpointOOBOperations_Single_PowerCycleOffHardGraceful" "UserGroupAssignedToEndpointGroup" "UserGroupDisassociatedFromEndpointGroup" "NewWiFiSetup" "EditWiFiSetup" "DeleteWiFiSetup" "GetAmtRoutingCookie" "ValidateAjaxCookie" "AmtWSMAN" "CheckUserAccess" "GetSwarmServerId" "MeshTargetHop" "MutliTargetHop" "EditAjaxServerSettings" "EditFileActionsServerSettings" "EditManageabilityServerSettings" "EditSwarmServerSettings" "EditWebServerSettings" "DecodeRoutingCookie" "GetCRL" "RevokeCertificate" "ResetCRL" "ResumableUploadCreate" "ResumableUploadAppend" "ResumableUploadDelete" "FileUploadRegister" "UsbrImageUpdated" "UsbrImageDeleted" "EndpointOOBOperations_Multiple_PowerCycleToIderIsoSol" "EndpointOOBOperations_Single_PowerCycleToIderIsoSol" "UsbrSessionStarted" "UsbrSessionStopped" "UsbrTempFileDeletedFromDatabase" "UsbrTempFileDeletedFromFilesystem" "UsbrTenantDirectoryDeletedFromFilesystem" "UsbrTenantFileDeletedFromFilesystem" "DosRateLimitedPreAuth" "DosRateLimitedPostAuth" "DosConnectionCount" "DosTcpIdle" "EditSecuritySettings" "DosRateLimitedHttp" "UserConsentCancel" "UserConsentChangeSpriteDisplay" "UserConsentStarted" "UserConsentSendCode" "GetServerSettingsCertificate" "ResetBootSettings" "EditRecoveryServerSettings" "StartPlatformErase"

Action (enum) of Audit Events. If the value is a string and the string is not a valid string name of the enumeration item, it will be ignored.

resourceType
string
Enum: "NONE" "ROLE" "TENANT" "ENDPOINT_GROUP" "USER_GROUP" "USER" "ENDPOINT" "INTEL_AMT_SETUP" "AMTPROFILE" "WIFISETUP" "AJAXCOOKIE" "SERVERID" "AMT_PROVISIONING_CERTIFICATE" "DEFAULT" "_802_1XSETUP" "AMTDISCOVERY" "BEARER_TOKEN" "ROUTING_COOKIE" "SERVERSETTINGS" "CRL" "RESUMABLE_UPLOAD" "USBR_IMAGE" "USBR_SESSION" "USBR_ORPHAN_FILE_CLEANUP" "PORT" "SERVER_SETTINGS_CERTIFICATE" "REMOTE_ERASE" "ONE_CLICK_RECOVERY"

Resource Type (enum) of Audit Events. If the value is a string and the string is not a valid string name of the enumeration item, it will be ignored.

startDateTime
string

Start DateTime of a range of Audit Events in UTC format, e.g., 2020-01-29T15:10:38.017Z. If the string cannot be parsed as date time, it will be ignored.

endDateTime
string

End DateTime of a range of Audit Events in UTC format, e.g., 2020-01-29T15:10:38.017Z. If the string cannot be parsed as date time, it will be ignored.

Responses

Response samples

Content type
[
  • {
    }
]

ClientCredentials

Gets a list of Client credentials objects

Role required: Global Administrator or Tenant Administrator.

  • If caller user is Global Administrator, this method will return all Client Credentials in all Tenants unless a specific tenantId is provided.
  • If caller user is Tenant Administrator, this method will return only Client Credentials for that Tenant.
query Parameters
tenantId
string

Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Responses

Response samples

Content type
[
  • {
    }
]

Creates a set of client credentials for a Tenant. Only one Client credentials account is allowed per Tenant.

Role required: Global Administrator or Tenant Administrator.

Required parameters:

  • Client_secret
  • MaxFailedLoginAttempts - Min 5, Max 15, Default 10
  • TokenLifetimeHours - Min 1, Max 24, Default 1

Client Secret Requirements

--at least 12 characters
--contains at least one number
--contains both lowercase and uppercase alpha characters
--contains at least one special character
Request Body schema:
id
integer <int32>
userId
string <uuid>
client_id
string <uuid>
client_secret
required
string
tenantId
string <uuid>
maxFailedLoginAttempts
integer <int32> [ 5 .. 15 ]
tokenLifetimeHours
integer <int32> [ 1 .. 24 ]

Responses

Request samples

Content type
{
  • "id": 0,
  • "userId": "00000000-0000-0000-0000-000000000000",
  • "client_id": "00000000-0000-0000-0000-000000000000",
  • "client_secret": "string",
  • "tenantId": "00000000-0000-0000-0000-000000000000",
  • "maxFailedLoginAttempts": 5,
  • "tokenLifetimeHours": 1
}

Response samples

Content type
{
  • "id": 0,
  • "userId": "00000000-0000-0000-0000-000000000000",
  • "name": "string",
  • "client_id": "00000000-0000-0000-0000-000000000000",
  • "client_secret": "string",
  • "tenantId": "00000000-0000-0000-0000-000000000000",
  • "scope": "string",
  • "maxFailedLoginAttempts": 0,
  • "tokenLifetimeHours": 0,
  • "enabled": true
}

Updates Client Credentials for a Tenant.

Role required: Global Administrator or Tenant Administrator.

  • Global Administrators can update any Client Credentials account.
  • Only Tenant Administrators that share the same Tenant Id with a Client Credentials account, can update it.

Parameters allowed to be updated:

  • Client_secret
  • TokenLifetimeHours - Min 1, Max 24, Default 1
  • Enabled status

Client Secret Requirements

--at least 12 characters
--contains at least one number
--contains both lowercase and uppercase alpha characters
--contains at least one special character
path Parameters
clientCredentialsId
required
string

Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Request Body schema:
client_secret
string
tokenLifetimeHours
integer <int32> [ 1 .. 24 ]
enabled
boolean

Responses

Request samples

Content type
{
  • "client_secret": "string",
  • "tokenLifetimeHours": 1,
  • "enabled": true
}

Response samples

Content type
{
  • "id": 0,
  • "userId": "00000000-0000-0000-0000-000000000000",
  • "name": "string",
  • "client_id": "00000000-0000-0000-0000-000000000000",
  • "client_secret": "string",
  • "tenantId": "00000000-0000-0000-0000-000000000000",
  • "scope": "string",
  • "maxFailedLoginAttempts": 0,
  • "tokenLifetimeHours": 0,
  • "enabled": true
}

Deletes Client Credentials for a Tenant.

Role required: Global Administrator or Tenant Administrator.

  • Global Administrators can delete any Client Credentials account.
  • Only Tenant Administrators that share the same Tenant Id with a Client Credentials account, can delete it.
path Parameters
clientCredentialsId
required
string

Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Responses

CRL

CRL Operations

Role required: Global Administrator.

Responses

Response samples

Content type
{ }

Adds entry to the CRL. i.e., revokes a certificate

Role required: Global Administrator.

For serial number open the certificate to see details in Windows and find the Serial number's hex value.

Following are the accepted revocation reason codes:

  1. Unspecified (0)
  2. keyCompromise (1)
  3. cACompromise (2)
  4. affiliationChanged (3)
  5. superseded (4)
  6. cessationOfOperation (5)
  7. certificateHold (6)
  8. removeFromCRL (8)
  9. privilegeWithdrawn (9)
  10. aACompromise (10)

If restartEmaComponent is set to true, it will immediately restart all the EMA servers and the IIS default app pool hosting the EMA Website.

query Parameters
restartEmaComponent
boolean

Indicates whether to restart EMA Service, as changes to its configuration are applied only when the services are restarted.

Request Body schema:

Json with CRLEntry.

serialNumber
required
string
reasonCode
required
integer <int32>

Responses

Request samples

Content type
{
  • "serialNumber": "string",
  • "reasonCode": 0
}

Resets the CRL to empty CRL.

Role required: Global Administrator.

If restartEmaComponent is set to true, it will immediately restart all the EMA servers and the IIS default app pool hosting the EMA Website.

query Parameters
restartEmaComponent
boolean

Indicates whether to restart EMA Service, as changes to its configuration are applied only when the services are restarted.

Responses

EndpointGroups

Gets a collection of Endpoint Group summaries.

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Read right to the resource.

Responses

Response samples

Content type
[
  • {
    }
]

Creates a new Endpoint Group

Role required: Tenant Administrator or Endpoint Group Creator.

Password is needed when the endpoint group's policy needs to be modified. Currently, the modification of the policy is not supported yet.

Password requirements:

--between 8 characters and 255 characters
--contains at least one number
--contains both lowercase and uppercase alpha characters
--contains at least one special character

UserConsentKVM_Timeout requirements:

--timeout value must fall between 1 and 65
--timeout in seconds
--this value will be taken if the AllowUserConsentKVM web permission is enabled
Request Body schema:
Name
required
string
Description
required
string
Password
required
string.*(?=^.{8,255}$)(?=.*\d)(?=.*[a-z])(?=.*[A-Z]...
UserConsentKVM_Timeout
integer <int32>

Define timeout in seconds to show user consent window for In-Band KVM connection before reject the operation

required
object (EndpointGroupPermissions)

Responses

Request samples

Content type
{
  • "Name": "string",
  • "Description": "string",
  • "Password": "string",
  • "UserConsentKVM_Timeout": 0,
  • "Permissions": {
    }
}

Response samples

Content type
{
  • "Name": "string",
  • "Description": "string",
  • "EndpointGroupId": "string",
  • "TenantId": "string",
  • "LastUpdated": "2019-08-24T14:15:22Z",
  • "UserConsentKVM_Timeout": 0,
  • "Permissions": {
    }
}

Gets the details of a Endpoint Group by ID.

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Read right to the resource.

path Parameters
endpointGroupId
required
string

Hex string with 64 characters and without the 0x prefix

Responses

Response samples

Content type
{
  • "Name": "string",
  • "Description": "string",
  • "EndpointGroupId": "string",
  • "TenantId": "string",
  • "LastUpdated": "2019-08-24T14:15:22Z",
  • "UserConsentKVM_Timeout": 0,
  • "Permissions": {
    }
}

Updates an Endpoint Group.

Role required: Tenant Administrator or Endpoint Group Creator.

The only property that can be updated is Description.

path Parameters
endpointGroupId
required
string
Request Body schema:
Description
required
string
EndpointGroupId
required
string

Responses

Request samples

Content type
{
  • "Description": "string",
  • "EndpointGroupId": "string"
}

Response samples

Content type
{
  • "Name": "string",
  • "Description": "string",
  • "EndpointGroupId": "string",
  • "TenantId": "string",
  • "LastUpdated": "2019-08-24T14:15:22Z",
  • "UserConsentKVM_Timeout": 0,
  • "Permissions": {
    }
}

Deletes an Endpoint Group.

Role required: Tenant Administrator or Endpoint Group Creator.

path Parameters
endpointGroupId
required
string

Hex string with 64 characters and without the 0x prefix

Responses

Gets the .msh file associated with an Endpoint Group.

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Read right to the resource.

path Parameters
endpointGroupId
required
string

Hex string with 64 characters and without the 0x prefix

Responses

Response samples

Content type
{ }

Gets the highest access right for a User to an Endpoint Group.

Role required: Tenant Administrator, Endpoint Group Creator or Endpoint Group User.

The access rights that a User has to an Endpoint Group are obtained by way of membership in User Group(s) assigned to that Endpoint Group.

path Parameters
endpointGroupId
required
string

Hex string with 64 characters and without the 0x prefix

Responses

Response samples

Content type
{
  • "AccessRightsId": 0,
  • "AccessRights": "string"
}

EndpointIBOperations

Submits batch request to reboot Endpoints inband

Roles required: Tenant Administrator, Endpoint Group Creator or Endpoint Group User

The action must be allowed by the Endpoint's Endpoint Group.

With an HTTP 200, the response list will contain only those EndpointIds for which a request was put on the message bus. EndpointIds for which a request was not put on the message bus for one reason or another will not appear in the response list.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits batch request to sleep Endpoints inband

Roles required: Tenant Administrator, Endpoint Group Creator or Endpoint Group User

The action must be allowed by the Endpoint's Endpoint Group.

With an HTTP 200, the response list will contain only those EndpointIds for which a request was put on the message bus. EndpointIds for which a request was not put on the message bus for one reason or another will not appear in the response list.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits batch request to hibernate Endpoints inband

Roles required: Tenant Administrator, Endpoint Group Creator or Endpoint Group User

The action must be allowed by the Endpoint's Endpoint Group.

With an HTTP 200, the response list will contain only those EndpointIds for which a request was put on the message bus. EndpointIds for which a request was not put on the message bus for one reason or another will not appear in the response list.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits batch request to shutdown Endpoints inband

Roles required: Tenant Administrator, Endpoint Group Creator or Endpoint Group User

The action must be allowed by the Endpoint's Endpoint Group.

With an HTTP 200, the response list will contain only those EndpointIds for which a request was put on the message bus. EndpointIds for which a request was not put on the message bus for one reason or another will not appear in the response list.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits batch request to alert Endpoints inband

Roles required: Tenant Administrator, Endpoint Group Creator or Endpoint Group User

The action must be allowed by the Endpoint's Endpoint Group.

With an HTTP 200, the response list will contain only those EndpointIds for which a request was put on the message bus. EndpointIds for which a request was not put on the message bus for one reason or another will not appear in the response list.

On receiving an alert, an Endpoint's desktop will popup a MessageBox that closes after a specified duration.

Request Body schema:

An object containing a list of Endpoints to which an alert will popup with indicated message and for a specified duration.
•Message: Allowed characters: space, enter, 0-9, a-z, A-Z. Maximum length: 510.
•Duration(seconds): A number between 0 and 300, with 0 for indefinite.

required
Array of objects (EndpointIdDTO)
Message
required
string^[ \r\n\dA-Za-z0-9]+$
Duration
integer <int32> [ 0 .. 300 ]

Responses

Request samples

Content type
{
  • "EndpointIds": [
    ],
  • "Message": "string",
  • "Duration": 300
}

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

EndpointOOBOperations

Submits a batch request to perform an out of band PowerOn operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. It will send also a Wake on LAN (WOL) request to all listed endpoints, but only Intel(R) vPro(TM) endpoints are officially supported. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits a batch request to perform an out of band Sleep light operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits a batch request to perform an out of band Sleep Deep operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits a batch request to perform an out of band Power Cycle (Off soft) operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits a batch request to perform an out of band Power off - Hard operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits a batch request to perform an out of band Hibernate operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits a batch request to perform an out of band Power Off-Soft operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits a batch request to perform an out of band Power Cycle (Off hard) operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits a batch request to perform an out of band Master Bus Reset operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits a batch request to perform an out of band Power Off - Soft Graceful operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits a batch request to perform an out of band Power Off - Hard Graceful operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits a batch request to perform an out of band Master Bus Reset Graceful operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits a batch request to perform an out of band Power Cycle (Off - Soft Graceful) operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits a batch request to perform an out of band Power Cycle (Off - Hard Graceful) operation on multiple endpoints

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits a batch request to perform an out of band boot to USB-R CD/DVD (*.iso) on multiple endpoints Deprecated

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

If no boot-able CD/DVD image is mounted, this power command will boot based on the endpoint's boot order set in BIOS.

If a target endpoint in the input list is powered off and/or user consent is required the requested operation for that target endpoint will fail.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits a batch request to perform an out of band boot to USB-R floppy (*.img) on multiple endpoints Deprecated

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

If no boot-able floppy image is mounted, this power command will boot based on the endpoint's boot order set in BIOS.

If a target endpoint in the input list is powered off and/or user consent is required the requested operation for that target endpoint will fail.

With an HTTP 200, the response list will contain those EndpointIds for which a request was put on the message bus in Accepted list. EndpointIds for which a request was not put on the message bus will appear in the Forbidden, NotFound, BadRequest or InternalServerError list, depending on the case.

Request Body schema:

List of EndpointId objects

Array
EndpointId
required
string 64 characters

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
{
  • "Accepted": [
    ],
  • "Forbidden": [
    ],
  • "NotFound": [
    ],
  • "BadRequest": [
    ],
  • "InternalServerError": [
    ]
}

Submits a request to perform an out of band PowerOn operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:

EndpointId object

EndpointId
required
string 64 characters

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

Content type
"string"

Submits a request to perform an out of band Sleep Light operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:

EndpointId object

EndpointId
required
string 64 characters

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

Content type
"string"

Submits a request to perform an out of band Sleep Deep operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:

EndpointId object

EndpointId
required
string 64 characters

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

Content type
"string"

Submits a request to perform an out of band Power Cycle (Off Soft) operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:

EndpointId object

EndpointId
required
string 64 characters

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

Content type
"string"

Submits a request to perform an out of band Power Off - Hard operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:

EndpointId object

EndpointId
required
string 64 characters

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

Content type
"string"

Submits a request to perform an out of band Hibernate operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:

EndpointId object

EndpointId
required
string 64 characters

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

Content type
"string"

Submits a request to perform an out of band Power Off - Soft operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:

EndpointId object

EndpointId
required
string 64 characters

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

Content type
"string"

Submits a request to perform an out of band Power Cycle (Off Hard) operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:

EndpointId object

EndpointId
required
string 64 characters

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

Content type
"string"

Submits a request to perform an out of band Master Bus Reset operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:

EndpointId object

EndpointId
required
string 64 characters

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

Content type
"string"

Submits a request to perform an out of band Power Off - Soft Graceful operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:

EndpointId object

EndpointId
required
string 64 characters

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

Content type
"string"

Submits a request to perform an out of band Power Off - Hard Graceful operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:

EndpointId object

EndpointId
required
string 64 characters

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

Content type
"string"

Submits a request to perform an out of band Master Bus Reset Graceful operations

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:

EndpointId object

EndpointId
required
string 64 characters

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

Content type
"string"

Submits a request to perform an out of band Power Cycle (Off - Soft Graceful) operations

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:

EndpointId object

EndpointId
required
string 64 characters

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

Content type
"string"

Submits a request to perform an out of band Power Cycle (Off - Hard Graceful) operation

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Request Body schema:

EndpointId object

EndpointId
required
string 64 characters

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

Content type
"string"

Submits a request to perform an out of band boot to USB-R CD/DVD (*.iso)

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

If no boot-able CD/DVD image is mounted, this power command will boot based on the endpoint's boot order set in BIOS.

Request Body schema:

EndpointId object

EndpointId
required
string 64 characters

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

Content type
"string"

Submits a request to perform an out of band boot to USB-R floppy (*.img)

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

If no boot-able floppy image is mounted, this power command will boot based on the endpoint's boot order set in BIOS.

Request Body schema:

EndpointId object

EndpointId
required
string 64 characters

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri"
}

Response samples

Content type
"string"

Endpoints

Gets the details of an Endpoint by ID

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Read right to the resource.

path Parameters
endpointId
required
string

Hex string with 64 characters and without the 0x prefix

Responses

Response samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri",
  • "EndpointGroupId": "stringstringstringstringstringstringstringstringstringstringstri",
  • "EndpointGroupName": "string",
  • "LastUpdate": "2019-08-24T14:15:22Z",
  • "ComputerName": "string",
  • "PlatformType": 0,
  • "AgentVersion": "string",
  • "AgentType": "string",
  • "PowerState": 0,
  • "PowerStateUpdate": "2019-08-24T14:15:22Z",
  • "IsConnected": true,
  • "IsCiraConnected": true,
  • "NodeIdentity": 0,
  • "OperatingSystem": "string",
  • "NeighborsCount": 0,
  • "AgentLocalAdminMode": "unknown",
  • "NetworkInterfaces": [
    ],
  • "MEInfo": {
    }
}

Deletes an Endpoint by ID

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Delete right to the resource.

Note: This will stop any active USB-R session to this endpoint

path Parameters
endpointId
required
string

Hex string with 64 characters and without the 0x prefix

Responses

Gets the Hardware information of an Endpoint using Id and AMT connection

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Read right to the resource. The Return code Not Found means endpoint doesn't exist or hardware information for it is not found as the endpoint doesn't support AMT requests

path Parameters
endpointId
required
string

Hex string with 64 characters and without the 0x prefix

Responses

Response samples

Content type
{
  • "AmtPlatformInfo": {
    },
  • "AmtBaseBoardInfo": {
    },
  • "AmtBiosInfo": {
    },
  • "AmtProcessorInfo": [
    ],
  • "AmtMemoryModuleInfo": [
    ],
  • "AmtStorageMediaInfo": [
    ]
}

Get a collection of Endpoint summaries, filterable by EndpointGroupId or HostName.

Role required: Tenant Administrator, Endpoint Group Creator, or Endpoint Group User.

If endpointGroupId is not specified or empty, get a collection of Endpoint summaries for all endpoint groups that this user has access to.

query Parameters
endpointGroupId
string

Endpoint Group ID

computerName
string

String as input which need to pass Computer/Host Name need to search

computerNameStartsWith
string

String as input search whose Computer/Host Name stars with given input

computerNameContains
string

String as input search whose Computer/Host Name contains given input

Responses

Response samples

Content type
[
  • {
    }
]

Get the supported platform capabilities of an endpoint by Id

Role required: Tenant Administrator, Client credentials endpoint manager, or Endpoint Group Creator or Endpoint Group User with Read right to the resource. The Return code Not Found means endpoint doesn't exist or hardware information for it is not found as the endpoint doesn't support AMT requests

path Parameters
endpointId
required
string

Hex string with 64 characters and without the 0x prefix

Responses

Response samples

Content type
{
  • "AmtBootCapabilities": {
    }
}

FileUploads

Gets the constraints for performing a file upload based on file type.

Role required: Tenant Administrator

fileType is a required query string parameter. Filetypes supported: usbr

query Parameters
fileType
string

Type of file to be uploaded

Responses

Response samples

Content type
{
  • "MaxBytesPerUploadRequest": 0,
  • "MaxStorageCapacityInBytes": 0,
  • "RemainingStorageCapacityInBytes": 0,
  • "ResumableUploadValidityPeriodInDays": 0
}

Uploads a file using a single request.

Role required: Tenant Administrator

This upload method is ideal for a file with a size that is within the threshold of MaxBytesPerUploadRequest, which can be obtained with GET /api/{version}/fileUploads/settings

fileType is a required query string parameter. Filetypes supported: usbr

Use multipart/form-data to attach one file with filename of up to 128 chars and with the optional field:
Description: string (256 max chars)

query Parameters
fileType
string

FileTypes name

Responses

Response samples

Content type
{
  • "ResourceUri": "string"
}

Gets the collection of resumable upload statuses.

Role required: Tenant Administrator

fileType is a required query string parameter. Filetypes supported: usbr

query Parameters
fileType
string

FileTypes name

Responses

Response samples

Content type
[
  • {
    }
]

Starts a resumable upload with the first chunk of a file.

Role required: Tenant Administrator

This upload method is ideal for a file with a size that is within the threshold of MaxBytesPerUploadRequest, which can be obtained with GET /api/{version}/fileUploads/settings

fileType is a required query string parameter. Filetypes supported: usbr

Use multipart/form-data to attach one file chunk with the following required fields:
fileName: string (128 max chars)
fileSize: int (total bytes of a completed file)
The following field is optional:
description: string (256 max chars)

After uploading the first chunk, use PUT to upload each subsequent chunk, which will be appended in order to the file until it is complete. The resumable upload needs to be completed before the session expires.

query Parameters
fileType
string

FileTypes name

Responses

Response samples

Content type
{
  • "ResumableId": "00000000-0000-0000-0000-000000000000",
  • "FileName": "string",
  • "FileType": "string",
  • "UploadedBytes": 0,
  • "FileSize": 0,
  • "Description": "string",
  • "Expiration": "2019-08-24T14:15:22Z",
  • "ResourceUri": "string"
}

Gets the status of a resumable upload by Id.

Role required: Tenant Administrator

path Parameters
resumableId
required
string

Guid format: 00000000-0000-0000-0000-000000000000

Responses

Response samples

Content type
{
  • "ResumableId": "00000000-0000-0000-0000-000000000000",
  • "FileName": "string",
  • "FileType": "string",
  • "UploadedBytes": 0,
  • "FileSize": 0,
  • "Description": "string",
  • "Expiration": "2019-08-24T14:15:22Z",
  • "ResourceUri": "string"
}

Uploads a subsequent chunk of a resumable upload.

Role required: Tenant Administrator

Use multipart/form-data to attach one file chunk.
Each subsequent chunk will be appended to the file in order until it is complete. The resumable upload needs to be completed before the session expires. When a file is completed, the resumable upload session will be removed.

path Parameters
resumableId
required
string

Responses

Response samples

Content type
{
  • "ResumableId": "00000000-0000-0000-0000-000000000000",
  • "FileName": "string",
  • "FileType": "string",
  • "UploadedBytes": 0,
  • "FileSize": 0,
  • "Description": "string",
  • "Expiration": "2019-08-24T14:15:22Z",
  • "ResourceUri": "string"
}

Cancels a resumable upload by Id.

Role required: Tenant Administrator

path Parameters
resumableId
required
string

Guid format: 00000000-0000-0000-0000-000000000000

Responses

Response samples

Content type
{ }

Roles

Gets a collection of Roles.

Role required: Global Administrator, Tenant Administrator, or Account Manager.

Responses

Response samples

Content type
[
  • {
    }
]

Gets the details of a Role by ID.

Role required: Global Administrator, Tenant Administrator, or Account Manager.

path Parameters
roleId
required
integer <int32>

Role ID

Responses

Response samples

Content type
{
  • "RoleId": 0,
  • "Name": "string",
  • "Description": "string",
  • "LastUpdated": "2019-08-24T14:15:22Z",
  • "Enabled": true,
  • "TenantId": "00000000-0000-0000-0000-000000000000"
}

SecureErase

Submits a request to get status associated with Remote Secure Erase.

Roles required: Tenant Administrator, Client credentials endpoint manager or user in a UserGroup with Execute privileges associated to target EndpointGroup.

The status returned will be only at the time the call is made. It is recommended to poll this API in a loop as needed to get regular status updates

Returns BiosBootStatus object that contains BiosStatus and its value, BiosErrorStatus and its value.

path Parameters
endpointId
required
string

EndpointId object

Responses

Response samples

Content type
{
  • "BiosStatus": "success",
  • "BiosStatusMessage": "string",
  • "BiosErrorStatus": "successOrInProgress",
  • "BiosErrorStatusMessage": "string"
}

Submits a request to start remote secure erase.

Roles required: Tenant Administrator, Client credentials endpoint manager or user in a UserGroup with Execute privileges associated to target EndpointGroup.

The status returned will be only at the time the call is made. It is recommended to poll this API in a loop as needed to get regular status updates

The drive master password must be between 1 and 32 characters in length.

This operation will attempt to securely erase the endpoint’s whole drive. If the operation is successful the Intel EMA agent on the endpoint will no longer be operable. If it was provisioned with CIRA mode, the endpoint will still be provisioned and OOB operations via CIRA connection will still be possible.

Use this operation on endpoints in either the shutdown or power-on state. Do not use this operation on endpoints that are in hibernate or sleep state. The Endpoint API can be used to get the endpoint’s current power state, and the EndpointOOBOperations API can be used to set the endpoint’s power state.

path Parameters
endpointId
required
string

EndpointId object

Request Body schema:

Object that encapsulates the drive master password

Password
required
string

Responses

Request samples

Content type
{
  • "Password": "string"
}

Submits a request to clear settings associated with Remote Secure Erase.

Roles required: Tenant Administrator, Client credentials endpoint manager or user in a UserGroup with Execute privileges associated to target EndpointGroup.

path Parameters
endpointId
required
string

EndpointId object

Responses

Response samples

Content type
"success"

ServerCertificates

Gets a collection of server certificates.

Role required: Global Administrator

Responses

Response samples

Content type
[
  • {
    }
]

Gets a server certificate by name

Role required: Global Administrator

path Parameters
certificateName
required
string

The certificate name used in Intel(R) EMA database. This is not the subject name or the common name.

Responses

Response samples

Content type
{
  • "Name": "string",
  • "CommonName": "string",
  • "NotBefore": "2019-08-24T14:15:22Z",
  • "NotAfter": "2019-08-24T14:15:22Z",
  • "HasPrivateKey": true,
  • "Thumbprint": "string",
  • "Pem": "string",
  • "LastModified": "2019-08-24T14:15:22Z"
}

Gets the .CER file of an server certificate by name

Role required: Global Administrator

The filename of the .CER file will will be specified in the "filename" parameter of the "Content-Disposition" header.

path Parameters
certificateName
required
string

The certificate name used in Intel(R) EMA database. This is not the subject name or the common name.

Responses

Tenants

Gets a collection of Tenants .

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User.

Responses

Response samples

Content type
[
  • {
    }
]

Creates a Tenant.

Role required: Global Administrator

Request Body schema:

Tenant object to create.

CreatedBy
string <uuid>
CreatedOn
string <date-time>
TenantId
string <uuid>
ModifiedBy
string <uuid>
ModifiedOn
string <date-time>
Description
required
string
Name
required
string

Responses

Request samples

Content type
{
  • "CreatedBy": "00000000-0000-0000-0000-000000000000",
  • "CreatedOn": "2019-08-24T14:15:22Z",
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "ModifiedBy": "00000000-0000-0000-0000-000000000000",
  • "ModifiedOn": "2019-08-24T14:15:22Z",
  • "Description": "string",
  • "Name": "string"
}

Response samples

Content type
{
  • "CreatedBy": "00000000-0000-0000-0000-000000000000",
  • "CreatedOn": "2019-08-24T14:15:22Z",
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "ModifiedBy": "00000000-0000-0000-0000-000000000000",
  • "ModifiedOn": "2019-08-24T14:15:22Z",
  • "Description": "string",
  • "Name": "string"
}

Gets the details of a Tenant by ID.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User.

path Parameters
tenantId
required
string

Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Responses

Response samples

Content type
{
  • "CreatedBy": "00000000-0000-0000-0000-000000000000",
  • "CreatedOn": "2019-08-24T14:15:22Z",
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "ModifiedBy": "00000000-0000-0000-0000-000000000000",
  • "ModifiedOn": "2019-08-24T14:15:22Z",
  • "Description": "string",
  • "Name": "string"
}

Updates a Tenant.

Role required: Global Administrator

Only the fields Name and Description can be updated.

path Parameters
tenantId
required
string <uuid>

Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Request Body schema:

Tenant object to update

CreatedBy
string <uuid>
CreatedOn
string <date-time>
TenantId
string <uuid>
ModifiedBy
string <uuid>
ModifiedOn
string <date-time>
Description
required
string
Name
required
string

Responses

Request samples

Content type
{
  • "CreatedBy": "00000000-0000-0000-0000-000000000000",
  • "CreatedOn": "2019-08-24T14:15:22Z",
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "ModifiedBy": "00000000-0000-0000-0000-000000000000",
  • "ModifiedOn": "2019-08-24T14:15:22Z",
  • "Description": "string",
  • "Name": "string"
}

Response samples

Content type
{
  • "CreatedBy": "00000000-0000-0000-0000-000000000000",
  • "CreatedOn": "2019-08-24T14:15:22Z",
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "ModifiedBy": "00000000-0000-0000-0000-000000000000",
  • "ModifiedOn": "2019-08-24T14:15:22Z",
  • "Description": "string",
  • "Name": "string"
}

Deletes a Tenant By ID

Role required: Global Administrator

During tenant deletion, the active USBR sessions for the tenant are stopped, and the USBR image files for the tenant are deleted.

path Parameters
tenantId
required
string

Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Responses

UsbrImages

Gets a collection of USBR image metadata.

Role required: Tenant Administrator, EndPoint Group Creator, EndPoint Group User

File hash is SHA2-256.

Responses

Response samples

Content type
[
  • {
    }
]

Gets a USBR image metadata by Id.

Role required: Tenant Administrator, EndPoint Group Creator, EndPoint Group User

File hash is SHA2-256.

path Parameters
usbrImageId
required
integer <int32>

Id of USBR image metadata

Responses

Response samples

Content type
{
  • "UsbrImageId": 0,
  • "FileName": "string",
  • "FileDescription": "string",
  • "FileBytes": 0,
  • "LastUpdated": "2019-08-24T14:15:22Z",
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "FileHashString": "string"
}

Updates a USBR image metadata by Id.

Role required: Tenant Administrator

Only the name and the description of the image can be updated. All other fields are read-only.

Filename must be unique per tenant.

File hash is SHA2-256.

path Parameters
usbrImageId
required
integer <int32>

Id of USBR image metadata to update

Request Body schema:

Updated USBR image metadata

UsbrImageId
integer <int32>
FileName
required
string
FileDescription
required
string
FileBytes
integer <int64>
LastUpdated
string <date-time>
TenantId
string <uuid>
FileHashString
string

Responses

Request samples

Content type
{
  • "UsbrImageId": 0,
  • "FileName": "string",
  • "FileDescription": "string",
  • "FileBytes": 0,
  • "LastUpdated": "2019-08-24T14:15:22Z",
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "FileHashString": "string"
}

Response samples

Content type
{
  • "UsbrImageId": 0,
  • "FileName": "string",
  • "FileDescription": "string",
  • "FileBytes": 0,
  • "LastUpdated": "2019-08-24T14:15:22Z",
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "FileHashString": "string"
}

Deletes a USBR image file and its metadata by Id.

Role required: Tenant Administrator

This operation deletes both the metadata and file of a USBR image given the Id.

path Parameters
usbrImageId
required
integer <int32>

Id of USBR Image to delete

Responses

UsbrSessions

Gets a list of USB-R sessions per tenant and with an option to filter by status.

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Execute right to the resource.

query Parameters
status
string
Enum: "initialized" "connected" "connectionDroppedMaxSessions" "disconnectedByUser" "disconnectedDueToError" "disconnectedDueToIdleTimeout" "disconnectedDueToUserConsent"

Status (enum) of USB-R Session. If the value is a string and the string is not a valid string name of the enumeration item, it will be ignored.

Responses

Response samples

Content type
[
  • {
    }
]

Submits a request to start USB-R session for the specified endpoint.

Role required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

Accepted values for startMode are iderSetOnReset, iderSetGracefully, iderSetImmediately

The request requires both UsbrImageIsoId and UsbrImageImgId if only one image is used, then use 0 as the ID for the other.

Request Body schema:

usbrStartSessionRequestModel object for starting the session

EndpointId
required
string 64 characters
UsbrImageImgId
required
integer <int32> [ 0 .. 2147483647 ]
UsbrImageIsoId
required
integer <int32> [ 0 .. 2147483647 ]
StartMode
required
string
Enum: "iderSetOnReset" "iderSetGracefully" "iderSetImmediately"

Responses

Request samples

Content type
{
  • "EndpointId": "stringstringstringstringstringstringstringstringstringstringstri",
  • "UsbrImageImgId": 2147483647,
  • "UsbrImageIsoId": 2147483647,
  • "StartMode": "iderSetOnReset"
}

Response samples

Content type
{
  • "UsbrSessionId": "00000000-0000-0000-0000-000000000000",
  • "UsbrImageImgName": "string",
  • "UsbrImageIsoName": "string",
  • "EndpointId": "string",
  • "EndpointName": "string",
  • "UsbrImageImgId": 0,
  • "UsbrImageIsoId": 0,
  • "Status": "string",
  • "LastUpdated": "2019-08-24T14:15:22Z",
  • "UserId": "00000000-0000-0000-0000-000000000000",
  • "Username": "string",
  • "IdleTimeSeconds": 0,
  • "SessionDurationSeconds": 0
}

Submits a request to stop a USB-R session.

Role required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup.

path Parameters
usbrSessionId
required
string

USB-R session unique identifier

Responses

Response samples

Content type
{
  • "UsbrSessionId": "00000000-0000-0000-0000-000000000000",
  • "UsbrImageImgName": "string",
  • "UsbrImageIsoName": "string",
  • "EndpointId": "string",
  • "EndpointName": "string",
  • "UsbrImageImgId": 0,
  • "UsbrImageIsoId": 0,
  • "Status": "string",
  • "LastUpdated": "2019-08-24T14:15:22Z",
  • "UserId": "00000000-0000-0000-0000-000000000000",
  • "Username": "string",
  • "IdleTimeSeconds": 0,
  • "SessionDurationSeconds": 0
}

Gets USB-R request status for an AMT Endpoint by USB-R session Id.

Role required: Tenant Administrator, or Endpoint Group Creator or Endpoint Group User with Execute right to the resource.

path Parameters
usbrSessionId
required
string

USB-R Session ID

Responses

Response samples

Content type
{
  • "UsbrSessionId": "00000000-0000-0000-0000-000000000000",
  • "UsbrImageImgName": "string",
  • "UsbrImageIsoName": "string",
  • "EndpointId": "string",
  • "EndpointName": "string",
  • "UsbrImageImgId": 0,
  • "UsbrImageIsoId": 0,
  • "Status": "string",
  • "LastUpdated": "2019-08-24T14:15:22Z",
  • "UserId": "00000000-0000-0000-0000-000000000000",
  • "Username": "string",
  • "IdleTimeSeconds": 0,
  • "SessionDurationSeconds": 0
}

UserConsent

Gets the current User Consent State

Roles required: Tenant Administrator, user in a UserGroup with read privileges associated to target EndpointGroup and Client Credentials EndpointManager.

path Parameters
endpointId
required
string

Endpoint unique identifier

Responses

Response samples

Content type
{
  • "DefaultScreen": 0,
  • "UserConsentRequired": "none",
  • "State": "notStarted",
  • "UserConsentCodeTimeout": 0,
  • "UserConsentDisplayTimeout": 0,
  • "UserConsentRequiredMessage": "string",
  • "StateMessage": "string",
  • "DefaultScreenMessage": "string"
}

Start a User Consent session on the target endpoint.

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup and Client Credentials EndpointManager.

path Parameters
endpointId
required
string

Responses

Response samples

Content type
{ }

Send a User Consent code to endpoint Intel(R) AMT

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup and Client Credentials EndpointManager.

path Parameters
endpointId
required
string
Request Body schema:
integer <int32>

Responses

Request samples

Content type
0

Response samples

Content type
{ }

Cancels a User Consent session that has been started.

Roles required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup and Client Credentials EndpointManager.

path Parameters
endpointId
required
string

Responses

Response samples

Content type
{ }

Set the display that the User Consent Sprite will appear on.

Role required: Tenant Administrator, user in a UserGroup with Execute privileges associated to target EndpointGroup and Client Credentials EndpointManager.

path Parameters
endpointId
required
string

Target endpoint ID

Request Body schema:

Display to set the user consent sprite to

TargetDisplay
required
string
Enum: "primaryDisplay" "secondDisplay" "thirdDisplay"

Desired display to change the user consent sprite to.

Responses

Request samples

Content type
{
  • "TargetDisplay": "primaryDisplay"
}

Response samples

Content type
{ }

UserGroupMemberships

Gets a collection of names of User Group members.

Role required: Global Administrator, Tenant Administrator, Account Manager, or Endpoint Group Creator.

path Parameters
userGroupId
required
integer <int32>

User Group identifier

Responses

Response samples

Content type
[
  • {
    }
]

Add members to a User Group.

Role required: Global Administrator, Tenant Administrator, or Account Manager.

With an HTTP 200, the response list will contain only those members that got added to the User Group. Members not added for one reason or another will not appear in the response list.

path Parameters
userGroupId
required
string

User Group ID

Request Body schema:
Array
UserName
required
string

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
[
  • {
    }
]

Removes members from a User Group.

Role required: Global Administrator, Tenant Administrator, or Account Manager.

With an HTTP 200, the response list will contain only those members removed from the User Group. Members not removed for one reason or another will not appear in the response list.

path Parameters
userGroupId
required
string

User Group ID

Request Body schema:

Members to remove from a User Group

Array
UserName
required
string

Responses

Request samples

Content type
[
  • {
    }
]

Response samples

Content type
[
  • {
    }
]

UserGroups

Gets a collection of User Groups.

Role required: Global Administrator, Tenant Administrator, Account Manager, or Endpoint Group Creator.

Responses

Response samples

Content type
[
  • {
    }
]

Creates a new User Group having Execute or View right.

Role required: Global Administrator, Tenant Administrator, or Account Manager.

For AccessRightsId, enter one of the two following values: 1 - Execute 2 - View

The roleId value will be automatically populated by the system

Request Body schema:

User Group object to create

UserGroupId
integer <int32>
Name
required
string
TenantId
string <uuid>
Description
required
string
CreatedOn
string <date-time>
CreatedBy
string <uuid>
ModifiedOn
string <date-time>
ModifiedBy
string <uuid>
RoleId
integer <int32>
AccessRightsId
required
string
Enum: "execute" "view"
AccessRights
string

Responses

Request samples

Content type
{
  • "UserGroupId": 0,
  • "Name": "string",
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "Description": "string",
  • "CreatedOn": "2019-08-24T14:15:22Z",
  • "CreatedBy": "00000000-0000-0000-0000-000000000000",
  • "ModifiedOn": "2019-08-24T14:15:22Z",
  • "ModifiedBy": "00000000-0000-0000-0000-000000000000",
  • "RoleId": 0,
  • "AccessRightsId": "execute",
  • "AccessRights": "string"
}

Response samples

Content type
{
  • "UserGroupId": 0,
  • "Name": "string",
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "Description": "string",
  • "CreatedOn": "2019-08-24T14:15:22Z",
  • "CreatedBy": "00000000-0000-0000-0000-000000000000",
  • "ModifiedOn": "2019-08-24T14:15:22Z",
  • "ModifiedBy": "00000000-0000-0000-0000-000000000000",
  • "RoleId": 0,
  • "AccessRightsId": "execute",
  • "AccessRights": "string"
}

Gets a User Group by ID.

Role required: Global Administrator, Tenant Administrator, Account Manager, or Endpoint Group Creator.

path Parameters
userGroupId
required
integer <int32>

User Group identifier

Responses

Response samples

Content type
{
  • "UserGroupId": 0,
  • "Name": "string",
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "Description": "string",
  • "CreatedOn": "2019-08-24T14:15:22Z",
  • "CreatedBy": "00000000-0000-0000-0000-000000000000",
  • "ModifiedOn": "2019-08-24T14:15:22Z",
  • "ModifiedBy": "00000000-0000-0000-0000-000000000000",
  • "RoleId": 0,
  • "AccessRightsId": "execute",
  • "AccessRights": "string"
}

Updates a User Group by ID.

Role required: Global Administrator, Tenant Administrator, or Account Manager.

The only fields that can be updated are Name, Description and AccessRights.

For AccessRightsId, enter one of the two following values: 1 - Execute 2 - View

The roleId value will be automatically populated by the system

path Parameters
userGroupId
required
integer <int32>

The User Group identifier

Request Body schema:

UserGroup object with updated data

UserGroupId
integer <int32>
Name
required
string
TenantId
string <uuid>
Description
required
string
CreatedOn
string <date-time>
CreatedBy
string <uuid>
ModifiedOn
string <date-time>
ModifiedBy
string <uuid>
RoleId
integer <int32>
AccessRightsId
required
string
Enum: "execute" "view"
AccessRights
string

Responses

Request samples

Content type
{
  • "UserGroupId": 0,
  • "Name": "string",
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "Description": "string",
  • "CreatedOn": "2019-08-24T14:15:22Z",
  • "CreatedBy": "00000000-0000-0000-0000-000000000000",
  • "ModifiedOn": "2019-08-24T14:15:22Z",
  • "ModifiedBy": "00000000-0000-0000-0000-000000000000",
  • "RoleId": 0,
  • "AccessRightsId": "execute",
  • "AccessRights": "string"
}

Response samples

Content type
{
  • "UserGroupId": 0,
  • "Name": "string",
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "Description": "string",
  • "CreatedOn": "2019-08-24T14:15:22Z",
  • "CreatedBy": "00000000-0000-0000-0000-000000000000",
  • "ModifiedOn": "2019-08-24T14:15:22Z",
  • "ModifiedBy": "00000000-0000-0000-0000-000000000000",
  • "RoleId": 0,
  • "AccessRightsId": "execute",
  • "AccessRights": "string"
}

Deletes a User Group by ID.

Role required: Global Administrator, Tenant Administrator, or Account Manager.

path Parameters
userGroupId
required
integer <int32>

The User Group identifier.

Responses

UserGroupToEndpointGroupAssignments

Gets a collection of User Groups assigned to an Endpoint Group

Role required: Tenant Administrator, or Endpoint Group Creator.

path Parameters
endpointGroupId
required
string

Endpoint Group ID. Hex string with 64 characters and without the 0x prefix.

Responses

Response samples

Content type
[
  • {
    }
]

Assigns a User Group to an Endpoint Group

Role required: Tenant Administrator, or Endpoint Group Creator of a suitable User Group.

path Parameters
endpointGroupId
required
string

EndPoint Group ID. Hex string with 64 characters and without the 0x prefix.

Request Body schema:

UserGroup Identifier DTO object

UserGroupId
required
integer <int32> [ 1 .. 2147483647 ]

Responses

Request samples

Content type
{
  • "UserGroupId": 1
}

Response samples

Content type
{
  • "UserGroupId": 1
}

Disassociates an User Group from a Endpoint Group

Role required: Tenant Administrator, or Endpoint Group Creator of a suitable User Group.

path Parameters
endpointGroupId
required
string

Endpoint Group ID. Hex string with 64 characters and without the 0x prefix.

userGroupId
required
integer <int32>

User Group ID.

Responses

Users

Gets a collection of Users.

Role required: Global Administrator, Tenant Administrator, Account Manager, or Endpoint Group Creator.

Responses

Response samples

Content type
[
  • {
    }
]

Creates a User

Role required: Global Administrator, Tenant Administrator, or Account Manager.

TenantId is not required when a Global Administrator creates another Global Administrator.

If EMA installed in Windows Domain Authentication mode, the Username used for registering a new user must be its User Principle Name (UPN).

Username must be in an email address format.

Creating a 'Locked' user is not allowed. The 'Enabled' property should always be passed as 'true'

Password is required only when EMA is not installed in Windows Domain Authentication mode.

Password Requirements

--between 8 characters and 255 characters
--contains at least one number
--contains both lowercase and uppercase alpha characters
--contains at least one special character
Request Body schema:

User object to be created

UserId
string <uuid>
Username
required
string
Enabled
required
boolean
TenantId
string <uuid>
Description
required
string
Password
string
RoleId
required
integer <int32>

Responses

Request samples

Content type
{
  • "UserId": "00000000-0000-0000-0000-000000000000",
  • "Username": "string",
  • "Enabled": true,
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "Description": "string",
  • "Password": "string",
  • "RoleId": 0
}

Response samples

Content type
{
  • "UserId": "00000000-0000-0000-0000-000000000000",
  • "Username": "string",
  • "CreatedOn": "2019-08-24T14:15:22Z",
  • "CreatedBy": "00000000-0000-0000-0000-000000000000",
  • "ModifiedOn": "2019-08-24T14:15:22Z",
  • "ModifiedBy": "00000000-0000-0000-0000-000000000000",
  • "Enabled": true,
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "Description": "string",
  • "RoleId": 0,
  • "SysRole": "none"
}

Gets the details of a User by ID.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User. Endpoint Group Users can see only their own information.

path Parameters
userId
required
string

User ID. Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Responses

Response samples

Content type
{
  • "UserId": "00000000-0000-0000-0000-000000000000",
  • "Username": "string",
  • "CreatedOn": "2019-08-24T14:15:22Z",
  • "CreatedBy": "00000000-0000-0000-0000-000000000000",
  • "ModifiedOn": "2019-08-24T14:15:22Z",
  • "ModifiedBy": "00000000-0000-0000-0000-000000000000",
  • "Enabled": true,
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "Description": "string",
  • "RoleId": 0,
  • "SysRole": "none"
}

Updates a User by ID.

Role required: Global Administrator, Tenant Administrator, or Account manager.

Only Description, RoleId, and Enabled can be updated, except for TenantId if converting a user from a Global Admin to a Tenant User. All other fields are ignored.

TenantId is required if the target user is changed to a Tenant user role (i.e., a role that is not a Global Admin).

Manually locking a user by changing the 'Enabled' property to 'false' is not currently supported.

path Parameters
userId
required
string

User ID. Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Request Body schema:
UserId
required
string <uuid>
Username
string
CreatedOn
string <date-time>
CreatedBy
string <uuid>
ModifiedOn
string <date-time>
ModifiedBy
string <uuid>
Enabled
required
boolean
TenantId
string <uuid>
Description
required
string
RoleId
required
integer <int32>
SysRole
string
Enum: "none" "globalAdministrator" "tenantAdministrator" "accountManager" "endpointGroupsCreator" "endpointGroupsUser"

Responses

Request samples

Content type
{
  • "UserId": "00000000-0000-0000-0000-000000000000",
  • "Username": "string",
  • "CreatedOn": "2019-08-24T14:15:22Z",
  • "CreatedBy": "00000000-0000-0000-0000-000000000000",
  • "ModifiedOn": "2019-08-24T14:15:22Z",
  • "ModifiedBy": "00000000-0000-0000-0000-000000000000",
  • "Enabled": true,
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "Description": "string",
  • "RoleId": 0,
  • "SysRole": "none"
}

Response samples

Content type
{
  • "UserId": "00000000-0000-0000-0000-000000000000",
  • "Username": "string",
  • "CreatedOn": "2019-08-24T14:15:22Z",
  • "CreatedBy": "00000000-0000-0000-0000-000000000000",
  • "ModifiedOn": "2019-08-24T14:15:22Z",
  • "ModifiedBy": "00000000-0000-0000-0000-000000000000",
  • "Enabled": true,
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "Description": "string",
  • "RoleId": 0,
  • "SysRole": "none"
}

Deletes a User by ID.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User

All users can delete their own accounts. Global Administrators can delete any user account from any Tenant. Tenant Administrators can delete any user account from the same Tenant. Account Managers can delete any user having the primary role of Account Manager, Endpoint Group Creator, or Endpoint Group User from the same Tenant.

path Parameters
userId
required
string

Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Responses

Gets the details of a User by username.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User. Endpoint Group Users can see only their own information.

query Parameters
username
string

Responses

Response samples

Content type
{
  • "UserId": "00000000-0000-0000-0000-000000000000",
  • "Username": "string",
  • "CreatedOn": "2019-08-24T14:15:22Z",
  • "CreatedBy": "00000000-0000-0000-0000-000000000000",
  • "ModifiedOn": "2019-08-24T14:15:22Z",
  • "ModifiedBy": "00000000-0000-0000-0000-000000000000",
  • "Enabled": true,
  • "TenantId": "00000000-0000-0000-0000-000000000000",
  • "Description": "string",
  • "RoleId": 0,
  • "SysRole": "none"
}

Set a User's password.

Role required: Global Administrator, Tenant Administrator, Account Manager, Endpoint Group Creator, or Endpoint Group User.

Global Administrators can reset the passwords of all Users without providing their current passwords. Tenant Administrators can reset the passwords of Users in the same Tenant without providing their current passwords. All other users need to provide their current passwords to reset them.

Password is required only when EMA is not installed in Windows Domain Authentication mode.

Password Requirements

--between 8 characters and 255 characters
--contains at least one number
--contains both lowercase and uppercase alpha characters
--contains at least one special character
path Parameters
userId
required
string

User ID. Canonical GUID form: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Request Body schema:
CurrentPassword
string
NewPassword
required
string.*(?=^.{8,255}$)(?=.*\d)(?=.*[a-z])(?=.*[A-Z]...

Responses

Request samples

Content type
{
  • "CurrentPassword": "string",
  • "NewPassword": "string"
}

WifiSetups

Gets a collection of WifiSetups.

Role required: Tenant Administrator, Endpoint Group Creator, or Endpoint Group User

Responses

Response samples

Content type
[
  • {
    }
]

Creates a WifiSetup to be used by AMT Profiles.

Role required: Tenant Administrator

When the KeyManagementProtocol is WPAPSK or WPA2PSK, Passphrase is required, and _802_1_SetupLookupKey is not needed and will be set to null. When the KeyManagementProtocol is WPAIEEE802_1 or WPA2IEEE802_1, _802_1_SetupLookupKey is required, and Passphrase is not needed and will be set to nul.

Request Body schema:

WifiSetup object to create

SetupName
required
string
Priority
required
integer <int32>
SSID
required
string
EncryptionAlgorithm
required
string
Enum: "tKIP" "cCMP"
KeyManagementProtocol
required
string
Enum: "wPAPSK" "wPAIEEE802_1" "wPA2PSK" "wPA2IEEE802_1"
Passphrase
string
TenantId
string
_802_1_SetupLookupKey
integer <int32>

Responses

Request samples

Content type
{
  • "SetupName": "string",
  • "Priority": 0,
  • "SSID": "string",
  • "EncryptionAlgorithm": "tKIP",
  • "KeyManagementProtocol": "wPAPSK",
  • "Passphrase": "string",
  • "TenantId": "string",
  • "_802_1_SetupLookupKey": 0
}

Response samples

Content type
{
  • "WifiSetupId": 0,
  • "SetupName": "string",
  • "Priority": 0,
  • "SSID": "string",
  • "EncryptionAlgorithm": "tKIP",
  • "KeyManagementProtocol": "wPAPSK",
  • "Passphrase": "string",
  • "TenantId": "string",
  • "_802_1_SetupLookupKey": 0
}

Gets a WiFiSetup by ID.

Role required: Tenant Administrator, Endpoint Group Creator, or Endpoint Group User

path Parameters
wifiSetupId
required
integer <int32>

WifiSetup ID

Responses

Response samples

Content type
{
  • "WifiSetupId": 0,
  • "SetupName": "string",
  • "Priority": 0,
  • "SSID": "string",
  • "EncryptionAlgorithm": "tKIP",
  • "KeyManagementProtocol": "wPAPSK",
  • "Passphrase": "string",
  • "TenantId": "string",
  • "_802_1_SetupLookupKey": 0
}

Updates a WiFiSetup by ID.

Role required: Tenant Administrator

When the KeyManagementProtocol is WPAPSK or WPA2PSK and the original KeyManagementProtocol is WPAPSK or WPA2PSK, Passphrase is optional, and _802_1_SetupLookupKey is not needed and will be set to null internally. If Passphrase is not provided or empty, the original Passphrase will be used. When the KeyManagementProtocol is WPAPSK or WPA2PSK and the original KeyManagementProtocol is WPAIEEE802_1 or WPA2IEEE802_1, Passphrase is required, and _802_1_SetupLookupKey is not needed and will be set to null internally. When the KeyManagementProtocol is WPAIEEE802_1 or WPA2IEEE802_1, _802_1_SetupLookupKey is required, and Passphrase is not needed and will be set to null internally.

path Parameters
wifiSetupId
required
integer <int32>

WifiSetup ID

Request Body schema:

WifiSetup object to update

WifiSetupId
required
integer <int32>
SetupName
required
string
Priority
required
integer <int32>
SSID
required
string
EncryptionAlgorithm
required
string
Enum: "tKIP" "cCMP"
KeyManagementProtocol
required
string
Enum: "wPAPSK" "wPAIEEE802_1" "wPA2PSK" "wPA2IEEE802_1"
Passphrase
string
TenantId
string
_802_1_SetupLookupKey
integer <int32>

Responses

Request samples

Content type
{
  • "WifiSetupId": 0,
  • "SetupName": "string",
  • "Priority": 0,
  • "SSID": "string",
  • "EncryptionAlgorithm": "tKIP",
  • "KeyManagementProtocol": "wPAPSK",
  • "Passphrase": "string",
  • "TenantId": "string",
  • "_802_1_SetupLookupKey": 0
}

Response samples

Content type
{
  • "WifiSetupId": 0,
  • "SetupName": "string",
  • "Priority": 0,
  • "SSID": "string",
  • "EncryptionAlgorithm": "tKIP",
  • "KeyManagementProtocol": "wPAPSK",
  • "Passphrase": "string",
  • "TenantId": "string",
  • "_802_1_SetupLookupKey": 0
}

Deletes a WiFiSetup by ID.

Role required: Tenant Administrator

path Parameters
wifiSetupId
required
integer <int32>

WifiSetup ID

Responses