Implemented

Rest API Documentation


Hello,

I am looking for a way to integrate my system with Devolutions via Rest calls triggered by a Java script. I was browsing through the Github repository and found this documentation. Sadly, it does not mention Rest API.

Can you give me an example of how to retrieve all entries from a vault and the credentials from a single entry via Rest calls?

I hope you can help me out with this.

Best wishes,

Sarah Pho

All Comments (32)


Hello Sarah,

The developers have started working on a public API, but it is only available internally as of yet.

For now, the only officially supported method is to use the Devolutions.PowerShell module, with the *-DS* cmdlets, which use the REST API in the backend - https://docs.devolutions.net/kb/devolutions-powershell/devolutions-server/powershell-connectivity/#method-2-using-devolutions-server-cmdlets

Best regards,

Richard Boisvert

Thank you for your quick response Richard.


Hello Richard

Is there an ETA on the public API? Or details you can share already?

Hello Sarah

In case you see this, can you comment on any progress you've made towards "Rest calls triggered by a Java script"?

Thank you to both of you.

Best regards,

Yannis


Hello Yannis,

A few endpoints are available internally; they should be available publicly on the 2024.1 release. You can keep an eye out for the beta, which should be available next month - https://forum.devolutions.net/forums/89/devolutions-server--beta

Best regards,

Richard Boisvert


Hello Yannis,

Even if the endpoints will be officially included in the 2024.1 release, they are already available in the last 2023.3 version. I will send you in a private message what is available for now to get your feedback.

Best regards,

François Dubois


I'm getting ready to write new code to interface with RDM credentials. If you have something for APIs now, could you share it with me too? It would be nice to start with this instead of starting with PowerShell and having to convert it back to API.


Hello,

I sent you the documentation in a private message, but I will also leave it available here. Don't hesitate to give feedback; we want to hear from you about which operations you want to automate with that API and what would be useful for you.

Best regards,

François Dubois

index.html


Good morning, Francois,

I am looking at using the REST API to connect to our RPA software solutions so it can be used as a Secrets Manager. None of these allow the use of PowerShell.

With 2023.3.13 I can get a token for my first Devolutions Server Application, but no matter how I set permissions (even making it an Administrator) in Devolutions Server I always get a 401 Unauthorized response.

One assumption I had to make because the documentation you sent is still a work in progress was that the token should be used as a Bearer token in the Request Headers: "Authorization: Bearer 99999999-9999-9999-9999-999999999999".

Is this the correct Authentication method?
If so, any ideas on what I've missed to get the Application access?

Mike Shook (he/him/his) | IT Practice Owner – Cybersecurity and Compliance | http://www.barrettdistribution.com | mshook@barrettdistribution.com | 703.891.4190


Hi Everyone,


If possible, I would like to receive the documentation, we may have a use for the API on the devolution server.


Appreciate in advance :-)


Thank you


Regards,

David


David, see below Francois' signature in his last reply for the HTML file.


Oh, my apologies, just saw it. :-)

Thanks a lot !


Hello,

We released 2024.1 last week and the documentation of the REST API is available directly in the application.



Let us know if you have questions/comments on it.

Best regards,

François Dubois


Hi, I have a small problem when I try this.

So, when using the Rested Addon for Firefox it works.


But trying this with Invoke-WebRequest from PowerShell I get an
Invoke-WebRequest: Response status code does not indicate success: 400 (Bad Request).

Is there a way to log the request on DVLS Server or IIS to see the difference between these two?


Hello,

You could have a look at the DPS_Main.log that you will find in the App_Data folder, but I don't think you will see more than the return code. Could you send us your PowerShell code that returns that error? Both should work.

Best regards,

François Dubois


Hello François,

I did not find any log that helps.

The PowerShell code is something like this:

$Protocol = 'https'
$RemotePort = 443
$appKey = 'some-working-app-key'
$appSecret = 'some-working-app-secret'
$DpsRemoteHost = 'some-dps-host.local'
$DpsBaseUrl = '/dps'
$DpsApiUrl = '/api/v1'

$JsonContentType = "application/json; charset=utf-8"
        
$headers = @{
    Accept      = $JsonContentType
    ContentType = $JsonContentType
}
    
$body = @{
    appKey    = $appKey
    appSecret = $appSecret
} | ConvertTo-Json

try {
    
    $UrlBuilder = New-Object System.UriBuilder -ArgumentList $Protocol, $DpsRemoteHost, $RemotePort, $(Join-Path -Path $DpsBaseUrl -ChildPath $DpsApiUrl | Join-Path -ChildPath 'login')
    Write-Host 'url :'$UrlBuilder.Uri.AbsoluteUri
            
    $Response = Invoke-RestMethod -Uri $UrlBuilder.Uri.AbsoluteUri -Method Post -Headers $headers -Body $body
    Write-Host $Response

}
catch {
    if ($_.ErrorDetails.Message) {
        Write-Host $_.ErrorDetails.Message
    }
    else {
        Write-Host $_
    }
}


> Response status code does not indicate success: 400 (Bad Request).


Tested some more with PowerShell.

Looks like setting the content type in the header is not enough; I had to add the -ContentType parameter to the Invoke-RestMethod call:

Invoke-RestMethod  -Uri $UrlBuilder.Uri.AbsoluteUri -Method Post -Headers $headers -Body $body -ContentType $JsonContentType

Good afternoon, any info on how to consume the token once I have it?

Mike Shook (he/him/his) | IT Practice Owner – Cybersecurity and Compliance | http://www.barrettdistribution.com | mshook@barrettdistribution.com | 703.891.4190


Hello Mike,

To consume the token returned by the endpoint POST api/v1/login, you can add it to a custom header 'tokenId' and call other endpoints, it should work. Let me know if that helps.

Best regards,

François Dubois


Awesome!! That definitely worked.

Of course, now that I've shown it to some of our developers, the questions are coming in:

  1. What are the entry types currently supported by the API? (Yes, they all return a payload, but the ones I've tried besides Credential return an empty "data" object.)
  2. Is there a road map for other entry types? I believe my Devs were specifically looking to solve a current challenge we have with securely storing things besides a simple password, like a full JSON object or code block
  3. Currently the Custom Fields are not returned by the API. Is this on the roadmap?
    1. Since the Custom fields have a couple of Text Areas and they can be set to Sensitive, this might be a solution for what my Devs are looking for in #2



Thanks!

Mike Shook (he/him/his) | IT Practice Owner – Cybersecurity and Compliance | http://www.barrettdistribution.com | mshook@barrettdistribution.com | 703.891.4190


Hello Mike,

Here are the answers to your questions:

1 - We support credentials (secret, API Key, username/password, etc.)
2 - We don't have a road map for other entry types for now. The public API is more oriented toward secret management for now. But don't hesitate to let us know your needs and we could see what is possible. But we don't plan to add all entry types because some of them have a lot of parameters and could be difficult to handle through a public API.
3 - I will consider it and see if it could be added. We will post back here once we have an update.

Best regards,

François Dubois


Good morning, Francois,

I think for us the 2 things we'd like are OTP retrieval and securable blocks of "stuff". OTP could be either from a "normal" Credential entry or as the stand-alone OTP type. Large blocks could either be the 5 custom fields of a credentials entry or the Secure Note entry.

Thanks!!

Mike Shook (he/him/his) | IT Practice Owner – Cybersecurity and Compliance | http://www.barrettdistribution.com | mshook@barrettdistribution.com | 703.891.4190


Hello Mike,

Thank you for your answer. OTP entry should be available with the current version. We will see if we could add custom fields to the answer.

Best regards,

François Dubois


Good morning, Francois, the OTP isn't being returned by either the OTP or Credential types:

{
    "id": "fd79ce23-0e22-409f-afa5-d2c96504cfa1",
    "name": "Test TOTP",
    "description": "",
    "path": "API Test",
    "type": "Credential",
    "subType": "OTP",
    "tags": [],
    "data": {},
    "modifiedOn": "2024-05-02T13:37:41",
    "modifiedBy": "",
    "createdOn": "2024-05-02T13:37:41",
    "createdBy": "mshook.admin"
}

{
    "id": "0f0a9c3d-a556-4bc3-adb5-ca904f1af9e9",
    "name": "API Test User Pass",
    "description": "Wilma's husband",
    "path": "API Test",
    "type": "Credential",
    "tags": [
        "DEV"
    ],
    "data": {
        "domain": "",
        "password": "Yabba-Dabba-Doo",
        "username": "Fred Flintstone"
    },
    "modifiedOn": "2024-04-25T20:29:44",
    "modifiedBy": "609f8480-9304-44db-92c5-3811407e4e6c",
    "createdOn": "2024-01-30T20:37:48",
    "createdBy": "mshook@barrettdistribution.com"
}

Thanks!

Mike Shook (he/him/his) | IT Practice Owner – Cybersecurity and Compliance | http://www.barrettdistribution.com | mshook@barrettdistribution.com | 703.891.4190


Hello,
Would it be possible to publish this documentation online?
We want to introduce this to an external company that writes code for us to implement this in future, but there is no possibility to show them the documentation properly; even when providing them a read-only account, the documentation is hidden.

Kind regards
Yannik


Also, could you tell how long this tokenId is valid after a successful login?


Hello,

The documentation is attached below the signature of Francois in this post
https://forum.devolutions.net/topics/40303/rest-api-documentation#186485

Best regards,

Jeff Dagenais


Hello,

We used Remote Desktop Manager internally to manage customer login credentials. Our employees only get access to these customer details if they are actually scheduled for the specific customer. These scheduling details come from our ERP system. Currently, we exchange this data using PowerShell, but it is slow and not always reliable. Therefore, we are looking for an alternative solution with the RestApi.

However, it is not clear to me whether we can assign rights to employees (users) for specific entries via the API. I cannot find this information in the documentation. Can you indicate whether this is possible with the Remote Desktop Manager API?

Kind regards,
Anthony



Hello @mshook,

Based on your response here, it would appear that you have the API calls working and responding to your requests. I am trying to make API calls to retrieve credentials and I am getting stuck once I have the token from authenticating. I was initially getting a 401 on all subsequent calls until I saw the response from Francois in the same thread that you can use a custom header entry named tokenId, but now I am getting a response from my Invoke-RestMethod calls of "result": 2 and the variable just has a bunch of HTML code in it. I was wondering if you could share a code snippet with me of your API call to retrieve the actual credential to assist me with getting this to work.

Thank you
Larry


Good morning, Larry,

Once the token is acquired, the URL to use should look like this: "https://devolutions.acme.test/dvls/api/v1/vault/guidguid-guid-guid-guid-guidguidguid/entry/guidguid-guid-guid-guid-guidguidguid", substituting your own specifics.

Since this is a GET, there is no body to worry about.

The header to add is "tokenId" with the token you got from the Login as the only data in it, like this: tokenId: "guidguid-guid-guid-guid-guidguidguid"

Reading from your question, it seems like you have done these things, so the error is possibly related to something else, like permissions (Does the application with the token have permission to access the entry?). The HTML might give some indication of the issue. Save everything from "<html>" to the final "</body>" in a new .htm file and open that with your browser.

If the issue isn't clear to you at that point, I believe you would need to contact Support for guidance about whatever the HTML is telling you.

Good luck,

Mike


Hello @anthonydorlandt,

The public REST API is more for getting passwords and updating them. Unfortunately, you can't update the security and permissions through our current public REST API.

Best regards,

François Dubois


Hello Larry,

What Mike wrote is right (Thanks Mike), it should work. If you have other issues, don't hesitate to ask questions, we will help with pleasure.

Best regards,

François Dubois
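
Added example, not part of the original thread and not Devolutions' code: a JavaScript sketch of the flow discussed above (login with a real Content-Type header, the `tokenId` header instead of `Authorization: Bearer`, and telling a usable credential apart from an HTML page or an empty `data` object). The function names and the response classification are assumptions; the thread does not show the login response body, so the token is passed in as a parameter.

```javascript
// Added example, not Devolutions' code. From the thread: POST api/v1/login with
// appKey/appSecret, the 'tokenId' header, and the vault/{id}/entry/{id} URL shape.
const JSON_TYPE = "application/json; charset=utf-8";
const trimBase = (baseUrl) => baseUrl.replace(/\/+$/, "");

// Login request. Content-Type is sent as a real HTTP header; a header literally
// named "ContentType" (as in the PowerShell snippet above) does not set it.
function buildLoginRequest(baseUrl, appKey, appSecret) {
  return {
    url: `${trimBase(baseUrl)}/api/v1/login`,
    init: {
      method: "POST",
      headers: { Accept: JSON_TYPE, "Content-Type": JSON_TYPE },
      body: JSON.stringify({ appKey, appSecret }),
    },
  };
}

// Entry request. The token travels in the custom 'tokenId' header; there is no
// body on a GET and no Authorization header.
function buildEntryRequest(baseUrl, token, vaultId, entryId) {
  const enc = encodeURIComponent;
  return {
    url: `${trimBase(baseUrl)}/api/v1/vault/${enc(vaultId)}/entry/${enc(entryId)}`,
    init: { method: "GET", headers: { Accept: JSON_TYPE, tokenId: token } },
  };
}

// Classify a response (assumed heuristics). Only field names are reported, so a
// caller can log the result without writing secret values to a log.
function classifyEntryResponse(status, contentType, bodyText) {
  if (status === 401) return { ok: false, reason: "unauthorized" };
  if (!/json/i.test(contentType || "") || /^\s*</.test(bodyText)) {
    return { ok: false, reason: "html-instead-of-json" };
  }
  let entry;
  try { entry = JSON.parse(bodyText); } catch { return { ok: false, reason: "invalid-json" }; }
  const fields = Object.keys(entry.data || {});
  if (fields.length === 0) return { ok: false, reason: "empty-data", subType: entry.subType };
  return { ok: true, entry, fields };
}

// Wire the pieces to fetch (Node 18+ or a browser); fetchImpl can be replaced by a stub.
async function getEntry(baseUrl, token, vaultId, entryId, fetchImpl = fetch) {
  const { url, init } = buildEntryRequest(baseUrl, token, vaultId, entryId);
  const res = await fetchImpl(url, init);
  return classifyEntryResponse(res.status, res.headers.get("content-type"), await res.text());
}
```
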


Hello,

Thank you for being so patient!

I am pleased to inform you that the feature has been added in version 2026.1.1.0 of Devolutions Server. As of now, the latest version 2026.1.1.0 is only available in Beta. We strongly recommend upgrading your Staging environment before installing this version in the production environment.
https://docs.devolutions.net/server/kb/how-to-articles/create-server-staging-instance

Here are the steps for the upgrade:
https://docs.devolutions.net/server/getting-started/installation/upgrade-server

We also offer free upgrade sessions, during which we will update your Devolutions Server instance together. If you are interested in this, please send an email to service@devolutions.net

Please let us know if this works or if you encounter any issues.

Best regards,

Maxim Robert