Veeam Backup for Microsoft 365 8
REST API Reference
Related documents

Authorization

Veeam Backup for Microsoft 365 REST API authorization process involves obtaining an access token - a string that represents authorization issued to the user and that must be send in the Bearer <Access-Token> format in the Authorization header in all requests during the current logon session.

The /token resource collection allows a Veeam Backup for Microsoft 365 user to authenticate himself and authorize his access to the Veeam Backup for Microsoft 365 REST API. For more information about the authorization process and security settings, see the Veeam Backup for Microsoft 365 REST API Reference, section Authorization and Security.

The /token/AuthCode resource allows you to obtain a one-time authorization code that is required to complete authentication.

Request Authorization Tokens

Allows you to authorize your access to the Veeam Backup for Microsoft 365 REST API.

x-anonymous: true
SecurityBearer
Request
Request Body schema:
required
grant_type
required
string
Default: "password"

Specifies a grant type that will be used to authenticate a user.

Enum: "password" "refresh_token" "urn:ietf:params:oauth:grant-type:jwt-bearer" "operator"
username
string

[Required if the grant_type property value is password] Specifies a user name.

password
string <password>

[Required if the grant_type property value is password] Specifies a user password.

refresh_token
string

[Required if the grant_type property value is refresh_token] Specifies a refresh token.

client_id
string

[Required if the grant_type property value is urn:ietf:params:oauth:grant-type:jwt-bearer or operator] Specifies either an application ID or combination of a user ID and tenant ID in the following format: userId.tenantId.

assertion
string

[Required if the grant_type property value is urn:ietf:params:oauth:grant-type:jwt-bearer or operator] Specifies an assertion.

disable_antiforgery_token
boolean or null

Defines whether an antiforgery token is not required for Veeam Backup for Microsoft 365 REST API authorization process. The antiforgery token is stored in web browser cookies and protects an access and refresh tokens during a web browser REST API session.

Responses
200

OK

default

Operation failure response.

post/v8/token
Request samples 
grant_type=password&username=string&password=pa%24%24word&refresh_token=string&client_id=string&assertion=string&disable_antiforgery_token=true
Response samples
application/json
{
  • "message": "string",
  • "errorCode": "ProxyOffline",
  • "stackTrace": "string"
}

Log Out

Performs the logout operation for an authorized user.

SecurityBearer
Responses
204

No Content

default

Operation failure response.

post/v8/token/logout
Request samples 
Response samples 
application/json
{
  • "message": "string",
  • "errorCode": "ProxyOffline",
  • "stackTrace": "string"
}
Request Authorization Code
Creates a one-time authorization code.


SecurityBearer 
Responses 
200
OK


default
Operation failure response.


post/v8/token/AuthCode
Request samples 
Response samples 
application/json
{
  • "authCode": "string"
}

    
    

                                

                                    
Document updated 12/18/2025
Page content applies to build 8.3.0.2201