Request Proxying

Request proxying allows you to redirect HTTP requests to Veeam products using Veeam Service Provider Console. It can be beneficial in case Veeam Service Provider Console does not support required features available in a target Veeam product.

Currently you can proxy requests to Veeam Backup & Replication, Veeam ONE and Veeam Backup for Microsoft 365.

You can start proxying requests after Veeam Service Provider Console agent is deployed on a machine where a Veeam product is installed and product data is collected.

Authorization

REST API proxying does not require additional authorization.

Note that proxying provides a user with maximum privileges in a target Veeam product. To prevent read-only users from applying any changes to target product, users authorized with read-only API keys are permitted to send only the GET requests.

URL Paths

To proxy a request, provide URL path targeting required Veeam product in the following format: /proxy/{managementAgentUid}/{product}/{targetProductEndpointPath}.

For example, the following URL path can be used to receive Veeam Backup for Microsoft 365 server jobs:

https://localhost:1280/proxy/69ca6904-25fd-40e8-86a6-aa16a8bf7723/vb365/v7/jobs

Proxy Sessions

When you proxy a request, Veeam Service Provider Console Service sends the PrepareProxySession request to the Veeam Service Provider Console management agent installed on a Veeam product server. The management agent acquires Veeam product base URL and API token and starts a proxy session which is a set up connection of Veeam Service Provider Console Service and Veeam product API.

By default, if a proxy session is not being used for 15 minutes, API token expires and Veeam Service Provider Console Service drops the session. In this case the next time a user sends a proxied request, the management agent first sends a request to acquire a new token and start a new session, and then sends the user request to a Veeam product API.

This approach helps proxying process by maintaining system stability in situations when Veeam Service Provider Console Service or management agent becomes unavailable for some time.

Responses

Normally Veeam Service Provider Console applies no changes to proxied request responses. However, if a Veeam product access token expires and a management agent receives an error response with the 401 HTTP status code, this management agent automatically refreshes the token and sends the request again. Note that if a user receives an error response with the 401 HTTP status code to the proxied request, it means that an access token is expired on the Veeam Servce Provider Console side and the user must refresh it.

If during the proxying process an issue occurs with a request or Veeam Service Provider Console infrastructure components, a user receives an error response with the 502 HTTP status code.

Obtaining Available Veeam Products

You can receive collection of Veeam products available for request proxying that are installed on a managed server. To do that, send GET HTTP request to the following path:  

https://<hostname>:1280/api/v3/infrastructure/managementAgents/{managementAgentUid}/proxyableProducts

where managementAgentUid is a UID assigned to a management agent installed on the server where Veeam products reside.

The response contains an array of Veeam product resources. Each resource has the following properties:

  • ProxyProduct - Veeam product that accepts proxied requests.
  • ProxyProductUrlRepresentation - part of URL path that must be used to proxy requests to a Veeam product.

Logging

Veeam Service Provider Console logs proxying errors in all the infrastructure components (WebUI, Service, Agent). The ProxySessions.log file resides on the server where the Service component is installed. The default minimum log level is Information which includes all basic log entries, for example, proxying errors, basic proxying messages about opened sessions, resuming paused sessions, closed sessions and so on.

You can include additional information like used method, user UID of a caller, URL and so on by enabling verbose logging. To do that, open the appSettings.Logging.json file and replace the Information value of the MinimumLevel parameter with Verbose.

Configuration Keys

You can provide the following configuration keys in the configuration.overrides.json file to modify default proxying settings.

  • HttpProxy_SessionsCleanupInterval - time interval between idle sessions cleanups. The default value is 1 minute.
  • HttpProxy_SessionIdleTimeout - maximum time a proxy session can stay idle before it gets dropped. The default value is 15 minutes.
  • HttpProxy_SessionPausedTimeout - time interval after which an idle proxy session is considered paused. A paused session is resumed if a user sends a new request. The default value is 5 minutes.

Page updated 6/24/2025

Page content applies to build 8.1.0.21377