- About Veeam Backup & Replication REST API
- Overview
- How To
- Changelog
- Login
- License
- postInstall License
- getGet Installed License
- postRemove License
- postCreate License Usage Report
- postRenew Installed License
- getGet Consumption of Socket Licenses
- postRevoke Socket License
- getGet Instance Licenses Consumption
- postAssign Instance License
- postRevoke Instance License
- getGet Capacity License Consumption
- postRevoke Capacity License From Unstructured Data Workload
- postUpdate License
- postEnable or Disable License Auto Update
- postEnable or Disable Instance Consumption for Unlicensed Agents
- Credentials
- getGet All Credentials
- postAdd Credentials Record
- getGet Credentials Record
- putEdit Credentials Record
- delRemove Credentials Record
- postChange Password
- postChange Linux Private Key
- postChange Linux Root Password
- getGet All Cloud Credentials
- postAdd Cloud Credentials Record
- postGet Microsoft Entra ID Verification Code
- postRegister Microsoft Entra ID Application
- postGet Google Authentication Information
- getGet Cloud Credentials Record
- putEdit Cloud Credentials Record
- delRemove Cloud Credentials Record
- postChange Secret Key
- postChange Google Service Account
- postChange Certificate
- getGet All Helper Appliances
- postAdd or Edit Helper Appliance
- getGet Helper Appliance
- delRemove Helper Appliance
- Encryption
- Service
- Services
- Connection
- Cloud Browser
- Inventory Browser
- getGet All VMware vSphere Servers
- getGet VMware vSphere Server Objects
- postGet All Servers
- postGet Inventory Objects
- postRescan Inventory Objects
- getGet All Unstructured Data Servers
- getGet Unstructured Data Servers
- getGet All Microsoft Entra ID Tenants
- postAdd Microsoft Entra ID Tenant
- getGet Microsoft Entra ID Tenant
- putEdit Microsoft Entra ID Tenant
- delRemove Microsoft Entra ID Tenant
- Traffic Rules
- General Options
- Security
- postStart Security & Compliance Analyzer
- getGet Security & Compliance Analyzer Last Run
- getGet Security & Compliance Analyzer Schedule
- putModify Security & Compliance Analyzer Schedule
- postReset All Security & Compliance Analyzer Statuses
- getGet Security & Compliance Analyzer Results
- postSuppress Security & Compliance Analyzer Best Practice Status
- postReset Security & Compliance Analyzer Status
- getGet All Authorization Events
- getGet Authorization Event
- Malware Detection
- Configuration Backup
- Managed Servers
- Repositories
- getGet All Repositories
- postAdd Repository
- postRescan Repositories
- getGet All Repository States
- getGet Repository
- putEdit Repository
- delRemove Repository
- getGet All Scale-Out Backup Repositories
- postAdd Scale-Out Backup Repository
- getGet Scale-Out Backup Repository
- putEdit Scale-Out Backup Repository
- delRemove Scale-Out Backup Repository
- postEnable Sealed Mode
- postDisable Sealed Mode
- postEnable Maintenance Mode
- postDisable Maintenance Mode
- Proxies
- WAN Accelerators
- Jobs
- Backups
- Backup Objects
- Restore Points
- Backup Browsers
- getGet All File Restore Mount Points
- getGet File Restore Mount Point
- postBrowse File System
- postCompare Attributes
- postCompare Files and Folders
- postSearch for Files and Folders
- postBrowse Search Results
- postRestore Files and Folders to Original Location
- postRestore Files and Folders to Another Location
- postPrepare Files and Folders for Download
- postDownload Files and Folders
- getGet All Unstructured Data Mount Points
- getGet Unstructured Data Mount Point
- postBrowse Unstructured Data File System
- postSearch for Files and Folders in Unstructured Data Source
- postBrowse Search Results
- postCopy Files and Folders to Specific Folder
- getGet Mount Points of All Entra ID Tenants
- getGet Mount Point of Microsoft Entra ID Tenant
- postGet Restore Points of Microsoft Entra ID Tenant
- postGet Microsoft Entra ID Items
- postGet Microsoft Entra ID Item
- postGet Restore Points of Microsoft Entra ID Item
- postValidate Microsoft Entra ID Items
- postCheck Microsoft Entra ID Items in Production
- postGenerate Microsoft Entra ID User Passwords
- postRestore Microsoft Entra ID Items
- postRestore Microsoft Entra ID Item Properties
- postCompare Microsoft Entra ID Item Properties
- postStart Comparing Microsoft Entra ID Item Properties
- getGet Comparison Results for Microsoft Entra ID Items
- postStart Comparing Microsoft Entra ID Conditional Access Policy
- getGet Comparison Results for Microsoft Entra ID Conditional Access Policy
- postExport Microsoft Entra ID Items
- postUpload Microsoft Entra ID Users
- postUpload Microsoft Entra ID Groups
- postUpload Microsoft Entra ID Administrative Units
- postUpload Microsoft Entra ID Roles
- postUpload Microsoft Entra ID Applications
- postUpload Microsoft Entra ID Conditional Access Policies
- getGet All Restore Sessions of Microsoft Entra ID Tenant
- getGet Restore Session of Microsoft Entra ID Tenant
- getGet Restore Session Logs of Microsoft Entra ID Tenant
- postStop Restore Session of Microsoft Entra ID Tenant
- Restore
- getGet All VM Mount Points
- postStart Instant Recovery
- getGet VM Mount Point
- postStop VM Publishing
- postStart VM Migration
- postRestore Entire VMware vSphere VM
- postRestore Entire VMware Cloud Director VM
- getGet All FCD Mounts
- postStart Instant FCD Recovery
- getGet FCD Mount Point
- postStop FCD Publishing
- postStart FCD Migration
- postStart File Restore
- postUnmount File System
- postGet User Code for Delegated Restore of Microsoft Entra ID Items
- postGet Credentials for Delegated Restore of Microsoft Entra ID Items
- postMount Microsoft Entra ID Tenant
- postUnmount Microsoft Entra ID Tenant
- postStart Microsoft Entra ID Audit Log Restore
- postUnmount Microsoft Entra ID Audit Logs
- Data Integration API
- Tasks
- Replicas
- Replica Restore Points
- Failover
- Failback
- Sessions
- Agents
- Automation
- postImport Jobs
- postExport Jobs
- postImport Credentials
- postExport Credentials
- postImport Cloud Credentials
- postExport Cloud Credentials
- postImport Proxies
- postExport Proxies
- postImport Servers
- postExport Servers
- postImport Repositories
- postExport Repositories
- postImport Encryption Passwords
- postExport Encryption Passwords
- getGet All Automation Sessions
- getGet Automation Session
- getGet Automation Session Logs
- postStop Automation Session
This section contains quick start guides on how to perform complex scenarios with Veeam Backup & Replication REST API.
You can perform mass deployment of your backup infrastructure by using the Automation section of the REST API. The section includes methods that let you import and export resources in the JSON format. You can use these methods, for example, to set up your backup infrastructure from a JSON specification or to migrate your infrastructure from one backup server to another.
The Automation section includes dedicated methods for individual resources, so you can export and import resources granularly.
Exported resources do not include IDs. All credentials are exported with empty passwords, passphrases and private keys. Before you export resources that contain sensitive data, you can mark them by using tag parameters.
As soon as you can import an entire collection of resources with one HTTP request, you may need to check the progress of the import operation. In response to your request, you receive a session. Within this session, Veeam Backup & Replication adds the specified objects to the backup infrastructure. To check the import progress, you can track the session state. For more information, see Tracking Import Operation.
To set up backup infrastructure using the automation methods, you must import resources in the following order:
- Credentials and encryption passwords
- Managed servers
- Backup repositories
- Backup proxies
- Backup jobs
In this example, you will migrate backup infrastructure from one backup server to another. You have a backup server backupserver01 where a VMware vSphere infrastructure is deployed. It includes managed Microsoft Windows and Linux servers, backup repositories and backup proxies, and configured backup jobs. You need to migrate the infrastructure to another backup server backupserver02.
To migrate backup infrastructure from backupserver01 to backupserver02, take the following steps:
To log in to backupserver01 and backupserver02, send the HTTP POST requests to the
/api/oauth2/tokenpaths. In response, you receive access and refresh tokens.
For more information, see Requesting Authorization.Export credentials records from backupserver01 with the Export Credentials request.
In response, you receive an array of credentials records. Each record contains empty values of sensitive parameters: passwords, passphrases and private keys.Import the credentials to backupserver02 with the Import Credentials request. In the request body, specify the imported credentials. Fill in passwords, passphrases and private keys manually.
Export servers managed by backupserver01 with the Export Servers request.
In response, you receive an array of servers. The array does not include backupserver01 itself — the server where Veeam Backup & Replication is installed.Import managed servers to backupserver02 with the Import Servers request. In the request body, specify the array of servers exported from backupserver01.
In response, you receive an automation session. Within the session, the specified servers are added to the backupserver02 infrastructure. For more information on tracking the session state, see Tracking Import Operation.Export backup repositories from backupserver01 with the Export Repositories request. In response, you receive an array of backup repositories.
Import backup repositories to backupserver02 with the Import Repositories request. In the request body, specify the repositories exported from backupserver01.
In response, you receive an automation session. Within the session, the specified backup repositories are added to the backupserver02 infrastructure. For more information on tracking the session state, see Tracking Import Operation.If you use backup proxies and encryption keys in your backup jobs, migrate them similarly.
Export backup jobs from backupserver01 with the Export Jobs request. In response, you receive an array of jobs.
Import backup jobs to backupserver02 with the Import Jobs request. In the request body, specify the jobs imported from backupserver01.
In response you receive an automation session. Within the session, the specified backup jobs are created on backupserver02. For more information on tracking the session state, see Tracking Import Operation.
When you perform an import operation, you send the POST HTTP request. In response, you receive a session of the Automation type. Within this session, Veeam Backup & Replication adds new objects (for example, credentials, managed servers or backup jobs) to the infrastructure of the backup server. To check the import progress, track the session state. If the import fails, you can view debug logs for detailed information on each object.
For example, you import credentials records. In response, you receive an automation session. To track the session state, run the Get Automation Session request.
If some of the credentials records are not imported, you can view debug logs for detailed information on each record. To do this, send the Get Automation Session request.
With Veeam Backup & Replication REST API, you can add the following types of object storage repositories:
- Microsoft Azure Blob storage, Microsoft Azure Archive storage, and Microsoft Azure Data Box storage
- Amazon S3 storage, Amazon S3 Glacier storage, and AWS Snowball Edge storage
- Google Cloud storage
- S3 compatible storage
- IBM Cloud storage
- Wasabi Cloud storage
- Veeam Data Cloud Vault (revision 1.3-rev0 and later)
To add an object storage repository, take the following steps:
Add a cloud credentials record required for connection to the object storage repository. For details, see Add Cloud Credentials Record.
In response, you receive a model of the created cloud credentials record with its ID. Save the ID, you will require it later.
Choose a location (cloud container and folder) that you want to map to new object storage repository. Save folder names and container names.
- To browse existing folders, send the Get Cloud Hierarchy request.
- To create a new folder, send the New Folder request. Note Veeam Backup & Replication REST API does not create new containers, you can create a folder inside an existing container only.
Add a new object storage repository with the Add Repository requests.
In the request body among other parameters, specify the following parameters obtained in the previous steps:
- Cloud credentials required for connection to the object storage repository.
- Cloud location you want to map to the object storage repository.
The REST API allows you to backup and restore entire Microsoft Entra ID items (users, groups, administrative units, applications and roles) and item properties as well as audit and sign-in logs.
Before you can back up Microsoft Entra ID data, you must add a Microsoft Entra ID tenant to your backup infrastructure. When adding a Microsoft Entra ID tenant, you need to specify an existing Microsoft Entra ID app registration or let Veeam Backup & Replication create a new one.
If you choose to create a new app registration, you must generate a verification code and register the new application before you start adding a tenant:
- To generate a code, use the Get Microsoft Entra ID Verification Code request.
- To register the new application, use the Register Microsoft Entra ID Application request.
To add a tenant, use the Add Microsoft Entra ID Tenant request.
You can create the following types of backup jobs:
| Backup Job Type | Description |
|---|---|
EntraIDTenantBackup |
Microsoft Entra ID tenant backup job, which backs up tenant items such as users, groups, administrative units, applications and roles. |
EntraIDAuditLogBackup |
Microsoft Entra ID audit log backup job, which backs up Microsoft Entra ID audit and sign-in logs. |
To create a backup job, use the Create Job request. In the request body, specify a job type and other job settings.
To enable backup of Conditional Access policies, add the following registry key:
New-ItemProperty -Path "HKLM:SOFTWARE\Veeam\Veeam Backup and Replication" -Name "EntraIdBackupSupportsConditionalAccessPolicyRestore" -Value "1" -PropertyType DWORD -Force
Additionally, make sure that the Microsoft Entra application used for tenant backup and restore has required permissions. For details, see the Considerations and Limitations section of the Veeam Backup & Replication User Guide.
Restoring Microsoft Entra ID Items and Item Properties
To restore entire Microsoft Entra ID items or item properties, take the following steps:
To get a backup ID of the Microsoft Entra ID tenant backup that you want to use for restore, send the Get All Backups request.
To start a mount session and mount the tenant backup to the mount point, use the Mount Microsoft Entra ID Tenant request. In response, you receive a mount session ID that you will need later. You can also get existing mount sessions using the Get Mount Points for All Entra ID Tenants request.
To browse the Microsoft Entra ID tenant backup for the items that you want to restore, send the Get Microsoft Entra ID Items request.
Choose the restore points from which to restore your items:
To choose a restore point from the list of all tenant's restore points, send the Get Restore Points of Microsoft Entra ID Tenant request.
To check that the selected restore point contains all the items that you want to restore, send the Validate Microsoft Entra ID Tenant Items request. In the response body, you receive an array of items that are missing in the restore point. To browse restore points that are available for each of the missing items, use the Get Restore Points of Microsoft Entra ID Item request.
If you want to check if there are any differences between two restore points for a specific item, you can either synchronous or asynchronous request:
When you send a synchronous request, the client will stop execution until comparison results are ready. For details, see Compare Microsoft Entra ID Item Properties.
When you send an asynchronous request, you receive a comparison session immediately so the client can continue execution, and you can process the comparison results later when the session changes its state to Success. For details, see Start Comparing Microsoft Entra ID Item Properties and Get Comparison Results for Microsoft Entra ID Items.
To compare Conditional Access policies, use the Start Comparing Microsoft Entra ID Conditional Access Policy asynchronous requests. To get the comparison results send the Get Comparison Results for Microsoft Entra ID Conditional Access Policy request.
If you want to check if a backed up item exists in the production environment, send the Check Microsoft Entra ID Items in Production request.
If you restore users, send the Generate Microsoft Entra ID User Passwords request to generate custom passwords for restored Microsoft Entra ID users. Alternatively, you can specify one default password for all restored users.
[Delegated restore] If you perform the restore operation under the Restore Operator role, you must obtain credentials to connect to the production Microsoft Entra ID tenant:
a. Obtain a user code. For details, see Get User Code for Delegated Restore of Microsoft Entra ID Items.
b. To get the credentials required for restore, send the Get Credentials for Delegated Restore of Microsoft Entra ID Items request. Use the obtained credentials ID in the request body oh the restore requests.
To restore Microsoft Entra ID items, send the Restore Microsoft Entra ID Items request. The request starts a restore session.
To restore item properties, send the Restore Microsoft Entra ID Item Properties request.
To stop restore sessions, send the Stop Restore Session of Microsoft Entra ID Tenant request.
To stop the mount session and unmount the tenant backup from the mount point, send the Unmount Microsoft Entra ID Tenant request.
Restoring Microsoft Entra ID Audit Logs
To restore Microsoft Entra ID audit and sign-in logs, take the following steps:
To get the ID of the Microsoft Entra ID log backup that you want to use for restore, send the Get All Backups request.
To start a mount session and mount log files to the mount point, use the Start Microsoft Entra ID Audit Log Restore request. In response, you receive a mount session ID that you will need later. You can also get existing mount sessions using the Get All File Restore Mount Points request.
To browse the hierarchy tree of the mounted log files, use the Compare Files and Folders request. If you specify an empty path in the request body, you will browse the root folder, and then you can go deeper into the tree.
If you want to search for a specific file or folder, use the Search for Files and Folders and Browse Search Results requests.
To restore log files, send the Copy Files and Folders to Specific Folder request.
To stop the mount session and unmount the log files from the mount point, send the Unmount Microsoft Entra ID Audit Logs request.
Using Veeam Backup & Replication REST API, you can restore files and folders from backups (Microsoft Windows and other file systems) and replicas (Microsoft Windows file systems).
To restore files and folders, take the following steps:
- Start the restore session and mount the machine file system to the mount server.
- Perform restore operations.
- Stop the restore session.
To mount the file system to the mount server, do the following:
Get a restore point from a backup or a replica.
To get a restore point from a backup, perform the following steps:
To get the backup object from which you want to restore files or folders, send the Get All Backup Objects request. Save the backup object ID that you need.
To get the necessary restore point from the backup object, use the Get Restore Points request, using the backup object ID. Save the restore point ID that you need.
Alternatively, you can use the Get All Restore Points request to get an array of all backup restore points created on the backup server. Save the restore point ID that you need.
To get a restore point from a replica, perform the following steps:
To get the replica from which you want to restore files or folders, send the Get All Replicas request. Save the replica ID that you need.
To get the necessary restore point from the replica, use the Get All Replica Restore Points request, using the replica ID. Save the restore point ID that you need.
Alternatively, you can use the Get All Replica Restore Points request to get an array of all replica restore points created on the backup server. Save the restore point ID that you need.
Get the necessary credentials ID with the Get All Credentials request. To add a new credentials record, use the Add Credentials Record request. This step is not necessary when restoring files or folders from a Windows-based server to the original location.
Mount the file system to the mount server with the Start File Restore request. In response, you will receive a
FileLevelRestoresession. Save the restore session ID to use it for restore operations.
To restore files and folders, take the following steps:
[Optional] If you have a Windows machine, use the Compare Files and Folders request to compare file system items (drives, folders, files and links) on the production machine with the items available in the
FileLevelRestoresession.[Optional] If you want to search for a specific file or folder, use the Search for Files and Folders and Browse Search Results requests. These requests allow you to preview the hierarchy tree of the mounted files and folders. If you specify an empty path in the request body, you will browse the root folder, and then you can go deeper into the tree.
To restore the necessary files or folders you can perform any of the following operations:
To restore files and folders, send the Restore Files and Folders to Original Location or Restore Files and Folders to Another Location request.
To download a ZIP archive with files and folders to the machine where the Veeam Backup & Replication console is installed, send the Download Files and Folders request.
[For unstructured data] To copy files and folders to the machine where the Veeam Backup & Replication console is installed or to a network shared folder, send the Copy Files and Folders to Specific Folder request.
To stop the mount session and unmount the file system from the mount point, send the Unmount File System request. This step is obligatory if you have disabled autoUnmount in the Start File Restore request body.