Public API
Introduction
Bitdefender Control Center APIs allow developers to automate business workflows.
The APIs are exposed using JSON-RPC 2.0 protocol specified.
Here is an example of API call updating the company name inside Control Center:
{ "id": "91d6430d-bfd4-494f-8d4d-4947406d21a7", "jsonrpc": "2.0", "method": "updateCompanyDetails", "params": { "name": "My Company Name" } }
For this call, the following response is sent back to the application:
{ "id":"91d6430d-bfd4-494f-8d4d-4947406d21a7", "jsonrpc":"2.0", "result": null }
Each API call targets a method and passes a set of parameters.
There are two types of parameters:
required - MUST be always passed to the called method.
optional - has a default value and can be omitted from the parameters list. Any optional parameter can be skipped, regardless its position in the parameters list.
API requests
The API calls are performed as HTTP requests with JSON-RPC messages as payload. HTTP POST method MUST be used for each API call. Also, it is required that each HTTP request have the Content-Type
header set to application/json
.
Note
The API is limited to a specific number of requests per second per API key. If this limit is exceeded, subsequent requests are rejected and 429 HTTP
status code is returned, along with a Retry-After header specifying the number of seconds left until you can send a new request.
Control Center exposes multiple APIs targeting distinct areas in the product. Each API exposes a set of methods related to a designated product area.
The base URL for all APIs is: CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/
. The full URL of the API is obtained by adding the API name to the base URL.
Note
Version 1.1 is also available for several methods. The base URL for all 1.1 APIs is: CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/
.
The CONTROL_CENTER_APIs_ACCESS_URL is displayed in the Access URL field. To find this field click your username in the upper-right corner of the console and choose My Account. Go to the Control Center API section.
Currently, the following APIs are being exposed:
Companies, with the API URL:
CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/companies
Licensing, with the API URL:
CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/licensing
Accounts, with the API URL:
CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/accounts
Network, with the API URLs:
CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/network
CONTROL_CENTER_APIs_ACCESS_URL/v1.1/jsonrpc/network
Packages, with the API URL:
CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/packages
Policies, with the API URL:
CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/policies
Integrations, with the API URL:
CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/integrations
Reports, with the API URL:
CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/reports
Push, with the API URL:
CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/push
Incidents, with the API URLs:
CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/incidents
CONTROL_CENTER_APIs_ACCESS_URL/v1.1/jsonrpc/incidents
Maintenance windows, with the API URL:
CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/maintenanceWindows
Quarantine, with the API URLs:
CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/quarantine
CONTROL_CENTER_APIs_ACCESS_URL/v1.1/jsonrpc/quarantine
General, with the API URL:
CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/general
The HTTP requests containing JSON RPC 2.0 can be performed on each API URL in order to consume the exposed functionality.
Note
Batch requests and notifications are not currently supported by Control Center.
API Keys
The API key is a unique key that is generated in the MyAccount section of Control Center. Each API key allows the application to call methods exposed by one or several APIs. The allowed APIs are selected at the time the API key is generated.
To generate API keys:
Log in to
https://gravityzone.bitdefender.com/
using an administrator account. Your account must have the following rights: Manage Networks, Manage Users, Manage Company, and View and analyze data.Click your username in the upper right side of the console and select My Account:
Go to the API keys section and click the Add button:
Type in a description for the key and select the APIs you want to enable for use with this key:
Click Generate.
Note
A window will be displayed with the newly generated API key and a warning stating that the key is only available for you to read while the window is open. After closing the window you will no longer be able to view the key anywhere in GravityZone.
Click the button to copy the key to clipboard and save it in a safe location.
Close the API key window.
The new key is added under the API keys section in an obfuscated format along with its description and creation date, and a list of enabled APIs.
Important
By using the API keys, developers can access sensitive information such as packages and inventory. Please do not share or distribute your own generated API keys, in order to prevent the leaking of sensitive information!
Control Center also allows you to delete the previously generated API keys if they are no longer needed:
Select the API key from the list.
Click the Delete button:
Select Yes to confirm the deletion.
Warning
You will no longer be able to use the keys and any connections to third party apps using them will be terminated.
Authentication
The API calls to Control Center are authenticated at HTTP protocol level using the HTTP Basic Authentication mechanism described here.
The client application is required to send the Authorization request header each time it performs a call to an API.
The Authorization header consists of the following elements:
The authorization method and a space as the prefix; in our case, this will always be equal to
Basic
.A Base64 encoded string, generated from the combined
username:password
sequence.In our case, the API key is set as username, and password is set as an empty string.
For example, if the API Key is equal to
N8KzwcqVUxAI1RoPi5jyFJPkPlkDl9vF
, the Base64 encoding should be performed on the following string:N8KzwcqVUxAI1RoPi5jyFJPkPlkDl9vF:
. In this case, the content sent to the authorization header isBasic TjhLendjcVZVeEFJMVJvUGk1anlGSlBrUGxrRGw5dkY6
.
Errors reporting
Control Center returns an error if the requested API method is unable to perform the desired task.
Here is an example of error response for a failing API call:
{ "id":"4d77e2d9-f760-4c8a-ba19-53728f868d98", "jsonrpc" : "2.0", "error" : { "code" : -32601, "message" : "Method not found", "data" : { "details" : "The selected API is not available." } } }
The error code and error message are returned as specified in JSON-RPC 2.0 Specification:
Error | Code | Message |
---|---|---|
Parse error |
| Parse error |
Invalid Request |
| Invalid Request |
Method not found |
| Method not found |
Invalid params |
| Invalid params |
Server error |
| Server error |
The full description of the error is placed in data.details
member in the error message.
Also, the HTTP status code is set according to the type of errors:
HTTP status | Description |
---|---|
| is set if the authentication failed for the request (e.g. the API key is incorrect or missing) |
| is set if the request is not authorized to consume the desired functionality (e.g. the API is not enabled for the used API key) |
| the HTTP method is other than POST |
| more than 10 requests per second have been issued from the same IP address |
| is returned for successful requests or for requests that have failed due to server errors (e.g. a required parameter is not passed). |