Veeam Backup for AWS 9
REST API Reference
Related documents

User Accounts

The /users resource collection represents all created Veeam Backup for AWS users.

Get Collection of Users

The HTTP GET request to the /users endpoint returns a list of all created Veeam Backup for AWS users.

SecurityBearer
Request
query Parameters
SearchPattern
string

Returns only those items of a resource collection whose names match the specified search pattern in the parameter value.

Sort
Array of strings

Specifies the order of items in the response. For more information, see the Veeam Backup for AWS REST API Reference Overview, section Sort Parameter.

Items Enum: "nameAsc" "nameDesc" "descriptionAsc" "descriptionDesc" "isDefaultAsc" "isDefaultDesc" "mfaEnabledAsc" "mfaEnabledDesc"
Offset
integer <int32> >= 0

Excludes from a response the first N items of a resource collection.

Limit
integer <int32> >= -1

Specifies the maximum number of items of a resource collection to return in a response.

header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Responses
200

OK

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

404

Not Found. One or more resources specified in the request could not be found in the specified resource collection.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

get/api/v1/users
Request samples 
curl -i -X GET \
  'https://helpcenter.veeam.com/api/v1/users?SearchPattern=string&Sort=nameAsc&Offset=0&Limit=-1' \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'x-api-version: 1.7-rev0'
Response samples
[]

Add User Account

The HTTP POST request to the /users endpoint adds a new user account to the Veeam Backup for AWS configuration database.

NOTE
Before you create a new user, you can check whether a user name, user description and password you plan to specify meet the Veeam Backup for AWS requirements. For more information, see the Validate User Name, Validate User Description and Validate User Password sections in the REST API Reference.

SecurityBearer
Request
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Request Body schema:
required
name
required
string non-empty

Specifies a user name for the new user.

description
required
string

Specifies a user description for the new user.

accountType
required
string (UserAccountType)

Type of the user account. Internal type for the user created in Veeam Backup for AWS. External type for the user retrieved from the identity provider.

Enum: "Internal" "External"
roleId
required
string <uuid>

Specifies a system ID assigned in the Veeam Backup for AWS REST API to the user role that will be assigned to the user.

password
string non-empty

Specifies a password of the new user.

Responses
201

Created

400

Bad Request. The request body is malformed, incomplete or invalid.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

post/api/v1/users
Request samples
{
  • "name": "john_smith",
  • "description": "Operator for Dept-01",
  • "password": "Admin123",
  • "accountType": "Internal",
  • "roleId": "fe47645d-1991-4716-9c86-d91e2f7f0c82"
}
Response samples
{}

Get Collection of User Roles

The HTTP GET request to the /users/roles endpoint retrieves a list of roles that can be assigned to a user in Veeam Backup for AWS.

SecurityBearer
Request
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Responses
200

OK

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

404

Not Found. One or more resources specified in the request could not be found in the specified resource collection.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

get/api/v1/users/roles
Request samples 
curl -i -X GET \
  https://helpcenter.veeam.com/api/v1/users/roles \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'x-api-version: 1.7-rev0'
Response samples
{
  • "totalCount": 3,
  • "results": [
    ]
}

Get User Data

The HTTP GET request to the /users/{userName} endpoint retrieves information on a specific user.

SecurityBearer
Request
path Parameters
userName
required
string

Name of the Veeam Backup for AWS user.

Example: sara_baker@companymail.com
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Responses
200

OK

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

404

Not Found. One or more resources specified in the request could not be found in the specified resource collection.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

get/api/v1/users/{userName}
Request samples 
curl -i -X GET \
  'https://helpcenter.veeam.com/api/v1/users/{userName}' \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'x-api-version: 1.7-rev0'
Response samples
[]

Modify User Account

The HTTP PUT request to the /users/{userName} endpoint updates user account settings for a specific user.

NOTE
Before you change user account settings, you can check whether a user description and password you plan to specify meet the Veeam Backup for AWS requirements. For more information, see the Validate User Description and Validate User Password sections in the REST API Reference.

SecurityBearer
Request
path Parameters
userName
required
string

Name of the Veeam Backup for AWS user.

Example: john_smith
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Request Body schema:
required
description
required
string

Specifies a new description for the user.

roleId
required
string <uuid>

Specifies a system ID assigned in the Veeam Backup for AWS REST API to the user role that will be assigned to the user.

password
string

[Applies only to users with the internal type] Specifies a new password for the user.

oldPassword
string

[Applies only to users with the internal type] Specifies the current password of the user.

Responses
200

OK

400

Bad Request. The request body is malformed, incomplete or otherwise invalid

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

404

Not Found. One or more resources specified in the request could not be found in the specified resource collection.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

put/api/v1/users/{userName}
Request samples
{
  • "description": "Restore operator for Dept-01",
  • "roleIds": [
    ],
  • "password": "AdminForDept1",
  • "oldPassword": "Admin123"
}
Response samples
{}

Remove User Account

The HTTP DELETE request to the /users/{userName} endpoint deletes a specific user.

SecurityBearer
Request
path Parameters
userName
required
string

User name of the Veeam Backup for AWS user.

Example: john_smith
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Responses
204

No Content

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

404

Not Found. One or more resources specified in the request could not be found in the specified resource collection.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

delete/api/v1/users/{userName}
Request samples 
curl -i -X DELETE \
  'https://helpcenter.veeam.com/api/v1/users/{userName}' \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'x-api-version: 1.7-rev0'
Response samples
{
  • "type": "http://example.com",
  • "title": "string",
  • "status": 400,
  • "errorCode": "AccessDenied",
  • "details": "string",
  • "instance": "http://example.com",
  • "data": {
    }
}

Validate User Name

The HTTP POST request to the /users/validateName endpoint checks whether a user name you plan to specify for a new user is unique and meets the Veeam Backup for AWS requirements.

NOTE
A name of a Veeam Backup for AWS user can contain only lowercase Latin letters, numeric characters, underscores and dashes. You can use the dollar sign ($) as the last character of the user name.

SecurityBearer
Request
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Request Body schema:
required
name
required
string non-empty

Name that you plan to specify for a user.

Responses
200

OK

400

Bad Request. The request body is malformed, incomplete or otherwise invalid

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

post/api/v1/users/validateName
Request samples
{
  • "name": "rayan_smith"
}
Response samples
[
  • {
    }
]

Validate User Description

The HTTP POST request to the /users/validateDescription endpoint checks whether a user description you plan to specify for a user meets the Veeam Backup for AWS requirements.

NOTE
The Veeam Backup for AWS user description must not exceed 255 characters.

SecurityBearer
Request
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Request Body schema:
required
description
required
string

Description that you plan to specify for a user.

Responses
200

OK

400

Bad Request. The request body is malformed, incomplete or otherwise invalid

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

post/api/v1/users/validateDescription
Request samples
{
  • "description": "Dept-02 user"
}
Response samples
[
  • {
    }
]

Validate User Password

The HTTP POST request to the /users/validatePassword endpoint checks whether a user password you plan to specify for a user meets the Veeam Backup for AWS requirements.

NOTE
To meet the security level required in Veeam Backup for AWS, password must be at least 8 characters long and contain uppercase, lowercase letters and numeric characters. Do not use monotonic sequences in the password.

SecurityBearer
Request
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Request Body schema:
required
password
required
string non-empty

Password that you plan to specify for a user.

Responses
200

OK

400

Bad Request. The request body is malformed, incomplete or otherwise invalid

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

post/api/v1/users/validatePassword
Request samples
{
  • "password": "Administrator1"
}
Response samples
[
  • {
    }
]

Get MFA Secret Key

The HTTP POST request to the /api/v1/users/{userName}/enableMfa endpoint retrieves an MFA secret key and a token used to assosiate an authenticator application with the authorization server. For more information on how to enable MFA for a user, see the Veeam Backup for AWS REST API Reference Overview, section Multi-Factor Authentication.

SecurityBearer
Request
path Parameters
userName
required
string

Name of the user you want to enable MFA for.

Example: administrator
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Request Body schema:
required
recreate
required
boolean

Defines whether you want to recreate the existing MFA secret key (true) or to enable MFA for the user (false).

Responses
200

OK

400

Bad Request. The request body is malformed, incomplete or otherwise invalid

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

404

Not Found. One or more resources specified in the request could not be found in the specified resource collection.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

post/api/v1/users/{userName}/enableMfa
Request samples
{
  • "recreate": false
}
Response samples
{
  • "userName": "administrator",
  • "qrString": "otpauth://totp/administrator&40ip-172-31-71-115?secret=5XKNCVA54BPWQWCXLJZYLMIBD4&issuer=ip-172-31-71-115",
  • "secretKey": "5XKNCVA54BPWQWCXLJZYLMIBD4",
  • "token": "M0Q1OEMwOEQ5MTRFNzMwMzE5MTkzMUU5MDVCNjNENzREMTQ0MDYyRUJFNEE0QjI5MzEzNzVEMUE1QURFNzBENA=="
}

Enable MFA for User

The HTTP POST request to the /api/v1/users/{userName}/acceptMfa endpoint assosiates an authenticator application with the authorization server. For more information on how to enable MFA for a user, see the Veeam Backup for AWS REST API Reference Overview, section Multi-Factor Authentication.

SecurityBearer
Request
path Parameters
userName
required
string

Name of the user you want to enable MFA for.

Example: administrator
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Request Body schema:
required
code
required
string non-empty

Six-digit verification code generated by an authenticator application on the trusted device.

token
required
string non-empty

Token previously received from the authorization server.

Responses
201

OK

400

Bad Request. The request body is malformed, incomplete or otherwise invalid

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

404

Not Found. One or more resources specified in the request could not be found in the specified resource collection.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

post/api/v1/users/{userName}/acceptMfa
Request samples
{
  • "code": 475112,
  • "token": "M0Q1OEMwOEQ5MTRFNzMwMzE5MTkzMUU5MDVCNjNENzREMTQ0MDYyRUJFNEE0QjI5MzEzNzVEMUE1QURFNzBENA=="
}
Response samples
{
  • "type": "http://example.com",
  • "title": "string",
  • "status": 400,
  • "errorCode": "AccessDenied",
  • "details": "string",
  • "instance": "http://example.com",
  • "data": {
    }
}

Disable MFA for User

The HTTP POST request to the /api/v1/users/{userName}/disableMfa endpoint disables MFA for a specific user.

SecurityBearer
Request
path Parameters
userName
required
string

Name of the user you want to disable MFA for.

Example: administrator
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Responses
200

OK

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

404

Not Found. One or more resources specified in the request could not be found in the specified resource collection.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

post/api/v1/users/{userName}/disableMfa
Request samples 
curl -i -X POST \
  'https://helpcenter.veeam.com/api/v1/users/{userName}/disableMfa' \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'x-api-version: 1.7-rev0'
Response samples
{
  • "type": "http://example.com",
  • "title": "string",
  • "status": 400,
  • "errorCode": "AccessDenied",
  • "details": "string",
  • "instance": "http://example.com",
  • "data": {
    }
}

Verify First Login

The HTTP GET request to the /api/v1/users/isFirstLogin endpoint assures that you log in to Veeam Backup for AWS for the first time.

Request
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Responses
200

OK

400

Bad Request. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

404

Not Found. One or more resources specified in the request could not be found in the specified resource collection.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

get/api/v1/users/isFirstLogin
Request samples 
curl -i -X GET \
  https://helpcenter.veeam.com/api/v1/users/isFirstLogin \
  -H 'x-api-version: 1.7-rev0'
Response samples
{
  • "isFirstLogin": true
}

Validate Backup Appliance Instance ID

The HTTP POST request to the /api/v1/users/checkInstanceId endpoint validates the ID of the EC2 instance where Veeam Backup for AWS is installed.

Request
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Request Body schema: application/json
required
instanceId
required
string

Specifies the ID of the EC2 instance where Veeam Backup for AWS is installed.

Responses
200

OK

400

Bad Request. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

post/api/v1/users/checkInstanceId
Request samples
application/json
{
  • "instanceId": "i-813g91u0b0c019356"
}
Response samples
{
  • "isValid": true
}

Create Default User

The HTTP POST request to the /api/v1/users/createdefaultuser endpoint creates the default user whose credentials you will use for the first login to Veeam Backup for AWS.

Request
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Request Body schema: application/json
required
required
object (CheckInstanceIdSpec)

AWS ID of the backup appliance.

required
object (DefaultUserCreateSpec)

Specifies user properties.

Responses
201

Created

400

Bad Request. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

409

The license agreement has not been accepted.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

post/api/v1/users/createDefaultUser
Request samples
application/json
{
  • "instance": {
    },
  • "userSpec": {
    }
}
Response samples
{
  • "name": "administrator",
  • "description": "The default user.",
  • "mfaEnabled": false,
  • "isDefault": true
}

Export Collection of Users

The HTTP POST request to the /users/export endpoint exports a list of all created Veeam Backup for AWS users to a .CSV or an .XML file. To specify the required type of the file, use the Accept request header.

SecurityBearer
Request
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Responses
200

OK

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

post/api/v1/users/export
Request samples 
curl -i -X POST \
  https://helpcenter.veeam.com/api/v1/users/export \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'x-api-version: 1.7-rev0'