Public API

Bitdefender Control Center APIs allow developers to automate business workflows.

The APIs are exposed using JSON-RPC 2.0 protocol specified.

Here is an example of API call updating the company name inside Control Center:

    {
        "id": "91d6430d-bfd4-494f-8d4d-4947406d21a7",
        "jsonrpc": "2.0",
        "method": "updateCompanyDetails",
        "params": {
            "name": "My Company Name"
        }
    }    

For this call, the following response is sent back to the application:

    {
        "id":"91d6430d-bfd4-494f-8d4d-4947406d21a7",
        "jsonrpc":"2.0",
        "result": null
    }    

Each API call targets a method and passes a set of parameters.

There are two types of parameters:

The API calls are performed as HTTP requests with JSON-RPC messages as payload. HTTP POST method MUST be used for each API call. Also, it is required that each HTTP request have the Content-Type header set to application/json.

Control Center exposes multiple APIs targeting distinct areas in the product. Each API exposes a set of methods related to a designated product area.

The base URL for all APIs is: CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/. The full URL of the API is obtained by adding the API name to the base URL.

The CONTROL_CENTER_APIs_ACCESS_URL is displayed in the Access URL field. To find this field click your username in the upper-right corner of the console and choose My Account. Go to the Control Center API section.

Currently, the following APIs are being exposed:

The HTTP requests containing JSON RPC 2.0 can be performed on each API URL in order to consume the exposed functionality.

The API key is a unique key that is generated in the MyAccount section of Control Center. Each API key allows the application to call methods exposed by one or several APIs. The allowed APIs are selected at the time the API key is generated.

To generate API keys:

1. Log in to https://gravityzone.bitdefender.com/ using an administrator account. Your account must have the following rights: Manage Networks, Manage Users, Manage Company, and View and analyze data.

2. Click your username in the upper right side of the console and select My Account:

   

3. Go to the API keys section and click the Add button:

   

4. Type in a description for the key and select the APIs you want to enable for use with this key:

   

5. Click Generate.

   Note

   A window will be displayed with the newly generated API key and a warning stating that the key is only available for you to read while the window is open. After closing the window you will no longer be able to view the key anywhere in GravityZone.

   

6. Click the button to copy the key to clipboard and save it in a safe location.

7. Close the API key window.

The new key is added under the API keys section in an obfuscated format along with its description and creation date, and a list of enabled APIs.

Control Center also allows you to delete the previously generated API keys if they are no longer needed:

The API calls to Control Center are authenticated at HTTP protocol level using the HTTP Basic Authentication mechanism described here.

The client application is required to send the Authorization request header each time it performs a call to an API.

The Authorization header consists of the following elements:

Control Center returns an error if the requested API method is unable to perform the desired task.

Here is an example of error response for a failing API call:

      {
          "id":"4d77e2d9-f760-4c8a-ba19-53728f868d98",
          "jsonrpc" : "2.0",
          "error" : {
              "code" : -32601,
              "message" : "Method not found",
              "data" : {
                  "details" : "The selected API is not available."
              }
          }
      }    

The error code and error message are returned as specified in JSON-RPC 2.0 Specification:

The full description of the error is placed in data.details member in the error message.

Also, the HTTP status code is set according to the type of errors: