This is an archive version of the document. To get the most up-to-date information, see the current version.

Authorization and Security

Communication between the client and the Veeam Backup & Replication REST API is established over HTTPS. To ensure data privacy, unencrypted HTTP is not supported. The client verifies the identity of the REST API with the server TLS certificate. For details on managing certificates, see TLS Certificate.

Authorization in REST API

The Veeam Backup & Replication REST API authorization process is based on the OAuth 2.0 Authorization Framework and involves obtaining an access token and a refresh token.

  • The access token is a string that represents authorization issued to the client. It must be specified in all requests during the current logon session.
  • The refresh token is a string that represents authorization granted to the client. It is used to obtain a new access token if the current access token expires or is lost.

The authorization process involves the following procedures:

  1. Requesting authorization
  2. Using the refresh token
  3. Performing logout

Security Settings

The Veeam Backup & Replication REST API has the following default security settings:

  • Access token lifetime is 15 minutes.
  • Refresh token lifetime is 14 days.
  • Authorization code lifetime is 5 minutes.
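
The token lifecycle described above, as an added example (not Veeam's code): a client-side tracker that uses the default lifetimes on this page to decide whether to send the access token, use the refresh token, or request authorization again, and that refuses a non-HTTPS base URL. The 30-second margin, the RFC 6749 field names, the Bearer header scheme (RFC 6750) and the restart of the 14-day window whenever a new refresh token is issued are assumptions, not taken from this page.

```python
import time
from urllib.parse import urlencode, urlsplit

# Defaults stated on this page; ACCESS_TTL is used when the response has no expires_in.
ACCESS_TTL = 15 * 60
REFRESH_TTL = 14 * 24 * 3600
SKEW = 30  # assumed safety margin (seconds) so a token is not sent as it expires

class TokenSession:
    """Tracks one logon session's tokens and decides what the client must do next."""

    def __init__(self, base_url, clock=time.time):
        parts = urlsplit(base_url)
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError("REST API is HTTPS-only; refusing " + repr(base_url))
        self.base_url, self.clock = base_url.rstrip("/"), clock
        self.logout()  # start with no tokens

    def store(self, resp):
        """Record a token response (field names as in RFC 6749 section 5.1)."""
        now = self.clock()
        self.access = resp["access_token"]
        self.access_exp = now + float(resp.get("expires_in", ACCESS_TTL))
        if resp.get("refresh_token"):  # assumed: a new refresh token restarts its window
            self.refresh = resp["refresh_token"]
            self.refresh_exp = now + REFRESH_TTL

    def next_action(self):
        """Return 'use', 'refresh' or 'reauthenticate' for the current time."""
        now = self.clock()
        if self.access and now < self.access_exp - SKEW:
            return "use"
        if self.refresh and now < self.refresh_exp - SKEW:
            return "refresh"
        return "reauthenticate"

    def auth_header(self):
        if self.next_action() != "use":
            raise RuntimeError("access token expired or missing")
        return {"Authorization": "Bearer " + self.access}

    def refresh_body(self):
        """Form body for the refresh grant (RFC 6749 section 6)."""
        return urlencode({"grant_type": "refresh_token", "refresh_token": self.refresh})

    def logout(self):
        """Forget both tokens locally; call after the server-side logout request."""
        self.access = self.refresh = None
        self.access_exp = self.refresh_exp = 0.0
```

Passing a fake `clock` makes the expiry decisions testable without waiting; the transport that actually sends the requests is left to the caller and must keep certificate verification enabled.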