Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


For the below, my Open-AudIT server is running on You should substitute the IP address of your Open-AudIT server.


First you need to make a post to /login to get a cookie. Set the dropdown to POST and the URL to Set the header Accept to application/json. Set the Body to form-data and provide the username and password keys, with values as appropriate for your installation. By default it will look as below.  Now click the Send button.


You should see the JSON result saying you have been authenticated.


Once that's done, it's time to request some data. Make a GET request to and you should get a JSON response containing a list of devices. You can see the start of the JSON in the screenshot below.


What about changing the attribute of an item? Not too difficult. You'll need the ID of the device you want to change, along with the attribute name from the database and an access token.

Access tokens are generated with every request type. You will need a token when submitting a POST or PATCH request. RUn Run another query (a GET is fine, even if no items are returned) and parse the JSON reqponse reponse for meta → access_token. Include this in your request body as below.


So now you have your payload, let's send it to Open-AudIT. Make a new PATCH request and use the URL Supply the data attribute in the body → x-www-form-urlencoded section and hit Send. You should see the request as below.


Deleting an item is the even easier. Let's delete an Org. In this case, our Org with ID 2. Make a new DELETE request to That's it - easy (smile)


And if we want to read a specific entry, it's just a GET request. Let's get our default Org - ID 1. Just make a GET to


What about running a query? What's the HTTP verb used to EXECUTE something? There is none (sad) But we'll make do by supplying /execute after the ID. So to execute a query, make a GET request to To execute a discovery, task or baseline, use the same format - ID/execute.


If we want to create a new item, use a http verb of POST^ and include an  access token. An access token is generated with every request (except logon) and any of the last 20 (by default, settable in the configuration) will be accepted. You should always aim to use the last access token issued.