...
Open-AudIT is implementing a JSON Restful API to be used both in the web interface and via JSON requests.
NOTE - This API is not ready for a full release as yet and items below are subject to change.As at 1.12.8 though, this is how it stands. We don't envision big breaking changes going forward, but until such time as we give the official "released" stamp of approval, items are subject to (and indeed WILL) change.
NOTE - This page is incomplete and is being updated as we work towards a released version of the API.
Open-AudIT's API
Open-AudIT is basing it's its API on http://jsonapi.org with the intention of providing simple and intuitive access in a manner familiar to developers.
...
The API uses a cookie. You can request a cookie by sending a POST to the URL below, containing the username and password attributes and values:
| Code Block |
|---|
http://{server}/omk/oae/login |
...
open-audit/logon |
The Endpoints
At present we have endpoints for :
devices - The devices, big surprise.
Collections to be introduced
Locations, scripts, files, users, discoveries, config, additional fields, groups queries and more are planned. Basically everything that is possible to move to the new model inside Open-AudIT will benearly every collection. They are listed here - Collections.
Options
Format
Using the format option is useful when using a web browser but you wish to see the result in JSON format. Adding format=json achieves this. Normally a web browser will set its accept header to htmlHTML, so in that case, we return the rendered page. Using an API to retrieve JSON you should set the accept header to contain the string "json". That might be "json/application" or whatever you like. You can override this by providing the format option in the URL..
We tend to use the Google Chrome extension called Postman for testing actual restful queries. You might like to install and test with that. http://www.getpostman.com.
...
When using the API the default action is determined according to the format and URL. You can override this by providing the 'action' option in the URL. An example of this is when creating a new item. You would normally use POST to /item but in the case of a web user, you need a web form to be able to fill out the item details. In that case, there is no facility for this in a typical JSON restful Restful API. We work around this by providing action=create in a GET request for the URL. IE - http://{server}/omk/oaeopen-audit/networks?action=create. The default action if noting nothing matches below is to return a collection of items.
| Request | Name | ID | Result | Implemented |
|---|---|---|---|---|
| GET | Return a collection of items | Y | ||
| ANY | list | Return a collection of items. | Y | |
| GET | create | Show a an HTML form to create a new item. | N | |
| GET | import | N | ||
| GET | read | Y | Show the details of an item. | Y |
| GET | edit | Y | Show a form to edit an item's details. | Y |
...
When requesting screen display, the limit is set to 1000 by default.
...
Requested properties should be in a comma-separated list.
| Code Block |
|---|
properties={attribute 1},{attribute 2},{attribute 3}id,name,status |
You can also specify properties using the below format.
| Code Block |
|---|
properties=["id","name","status"] |
Filter
To filter by a property value, use the property name. Operators that should precede the value are !=, >, >=, <, <=, 'like' and '!like'. If no operator is specified, the default is =.
...
All endpoints URLs are of the format http://{server}/omk/oaeopen-audit/{endpoint}
NOTE - The below examples use SQL column names from 1.12.8. This are in the process of being revised for our next release.
Devices
| Type | Endpoint | ||
|---|---|---|---|
| GET | /devices | Return a collection of devices with the default set of columns from the system table (system.system_id, system.icon, system.man_type, system.hostname, system.domain, system.man_ip_address, system.man_description, system.man_os_family, system.man_status) | |
| GET | /devices/{id} | Return an individual devices details. | |
| GET | /devices?sub_resource={sub_resource name} | To return all items in a sub_resource for a collection of devices. If you wanted all software you would use http://{server}/open-audit/index.php/devices?sub_resource=software | |
| GET | /devices/{id}?sub_resource={sub_resource name} | To return all items in a sub_resource for a specific device. | |
| GET | /devices?sub_resource={sub_resource name}&sub_resource_id={sub_resource id} | To return a specific item in a sub_resource for a collection of devices - not especially useful. You would more likely use the below (request a sub_resource items from a specific device) | |
| GET | /devices{id}?sub_resource={sub_resource name}&sub_resource_id={sub_resource id} | To return a specific sub_resource item for a specific device. |
...
| Code Block |
|---|
GET http://{server}/omk/oaeopen-audit/devices |
Retrieve all devices running Windows.
| Code Block |
|---|
GET http://{server}/omk/oaeopen-audit/devices?system.os_group=Windows |
...
| Code Block |
|---|
GET http://{server}/omk/oaeopen-audit/devices?system.os_group=Windows&limit=10&sort=system.hostname |
...
| Code Block |
|---|
GET http://{server}/omk/oaeopen-audit/devices?properties=system.id,system.ip,system.hostname,system.domain,system.type |
Retrieve all details about the device with system_ id 88.
| Code Block |
|---|
GET http://{server}/omk/oaeopen-audit/devices/88?include=all |
Retrieve a list of devices in the 192.168.1.0/24 subnet
| Code Block |
|---|
GET http://{server}/omk/oaeopen-audit/devices?sub_resource=ip&ip.network=192.168.1.0/24&properties=system.id,system.hostname,system.domain,ip.ip |
...
| Code Block |
|---|
GET http://{server}/omk/oaeopen-audit/devices?system.os_name=likeWindows 2008 |