Encryption

The Encryption section defines paths and operations for managing KMS servers and passwords that are used for data encryption.

Get All Encryption Passwords

The HTTP GET request to the /api/v1/encryptionPasswords path allows you to get an array of all passwords that are used for data encryption.

Available to: Veeam Backup Administrator, Veeam Security Administrator.

Security: Bearer
Request
query Parameters
skip
integer <int32>

Number of passwords to skip.

limit
integer <int32>
Default: 200

Maximum number of passwords to return.

orderColumn
string (EEncryptionPasswordsFiltersOrderColumn)

Sorts passwords by one of the password parameters.

Enum: "Hint" "ModificationTime"
orderAsc
boolean

If true, sorts passwords in the ascending order by the orderColumn parameter.

hintFilter
string

Filters encryption passwords by the hintFilter pattern. To substitute one or more characters, use the asterisk (*) character at the beginning and/or at the end.

header Parameters
x-api-version
required
string
Default: 1.3-rev0

Version and revision of the client REST API. Must be in the following format: <version>-<revision>.

Responses
200

OK

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.

500

Internal server error. The request has been received but could not be completed because of an internal error at the server side.

GET /api/v1/encryptionPasswords
Response samples
application/json
{
  "data": [ ],
  "pagination": { }
}
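
An added example, not taken from the Veeam documentation: it pages through this endpoint with skip and limit and flags passwords that have not been changed within a rotation window. It assumes each entry in data carries the id, hint and modificationTime fields shown in the single-password response sample; the host name, token, injected fetch callable and sample records are constructed.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlparse

API_VERSION = "1.3-rev0"  # default x-api-version given on this page
PAGE_LIMIT = 200          # default value of the limit parameter


def build_request(base_url, token, skip, limit=PAGE_LIMIT):
    """Return (url, headers) for one page of GET /api/v1/encryptionPasswords."""
    query = urlencode({"skip": skip, "limit": limit,
                       "orderColumn": "ModificationTime", "orderAsc": "true"})
    headers = {"x-api-version": API_VERSION, "Authorization": f"Bearer {token}"}
    return f"{base_url}/api/v1/encryptionPasswords?{query}", headers


def list_all_passwords(fetch, base_url, token, limit=PAGE_LIMIT):
    """Read every page. fetch(url, headers) must return (status, body_dict)."""
    items, skip = [], 0
    while True:
        url, headers = build_request(base_url, token, skip, limit)
        status, body = fetch(url, headers)
        if status != 200:
            # 401: token missing or expired, 403: role lacks access, 500: server
            raise RuntimeError(f"encryptionPasswords returned HTTP {status}")
        page = body.get("data", [])
        items.extend(page)
        if len(page) < limit:  # short (or empty) page means nothing is left
            return items
        skip += len(page)


def stale_passwords(items, now, max_age_days=365):
    """Return id, hint and age of entries not modified within max_age_days."""
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for item in items:
        modified = datetime.fromisoformat(item["modificationTime"])
        if modified < cutoff:
            stale.append({"id": item["id"], "hint": item["hint"],
                          "ageDays": (now - modified).days})
    return stale


# Constructed records and a stand-in transport so the example runs offline.
SAMPLE = [
    {"id": "00000000-0000-0000-0000-000000000001", "hint": "Offsite copy",
     "modificationTime": "2021-03-01T09:00:00.000000+00:00"},
    {"id": "00000000-0000-0000-0000-000000000002", "hint": "File servers",
     "modificationTime": "2022-11-30T12:00:00.000000+00:00"},
    {"id": "00000000-0000-0000-0000-000000000003", "hint": "Pet name",
     "modificationTime": "2023-02-13T02:22:40.801982-08:00"},
]


def fake_fetch(url, headers):
    query = parse_qs(urlparse(url).query)
    skip, limit = int(query["skip"][0]), int(query["limit"][0])
    return 200, {"data": SAMPLE[skip:skip + limit], "pagination": {}}


if __name__ == "__main__":
    found = list_all_passwords(fake_fetch, "https://vbr.example", "TOKEN", limit=2)
    for entry in stale_passwords(found, datetime(2024, 1, 1, tzinfo=timezone.utc)):
        print(entry)
```

In production, replace fake_fetch with a callable that performs the HTTPS request and returns the status code and decoded JSON body.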

Add Encryption Password

The HTTP POST request to the /api/v1/encryptionPasswords path allows you to add an encryption password.

Available to: Veeam Backup Administrator, Veeam Security Administrator.

Security: Bearer
Request
header Parameters
x-api-version
required
string
Default: 1.3-rev0

Version and revision of the client REST API. Must be in the following format: <version>-<revision>.

Request Body schema: application/json
required
hint
required
string

Hint for the encryption password. Provide a meaningful hint that will help you recall the password.

password
required
string

Password for data encryption. If you lose the password, you will not be able to restore it.

uniqueId
string

Unique ID for the encryption password.

isImported
boolean

Determines whether the password is imported or not.

Responses
201

Password has been added.

400

Bad request. This error is related to POST/PUT requests. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.

500

Internal server error. The request has been received but could not be completed because of an internal error at the server side.

POST /api/v1/encryptionPasswords
Request samples
application/json
{
  "password": "passsw3wrsdf2d44",
  "hint": "Pet name",
  "uniqueId": "vcenter01"
}
Response samples
application/json
{
  "id": "86e99ee0-3673-48d6-bf6a-9a8058d4de96",
  "hint": "Pet name",
  "modificationTime": "2023-02-13T02:22:40.801982-08:00",
  "uniqueId": "vcenter01"
}

Get Encryption Password

The HTTP GET request to the /api/v1/encryptionPasswords/{id} path allows you to get an encryption password that has the specified id.

Available to: Veeam Backup Administrator, Veeam Security Administrator.

Security: Bearer
Request
path Parameters
id
required
string <uuid>

Encryption password ID. To get the ID, run the Get All Encryption Passwords request.

header Parameters
x-api-version
required
string
Default: 1.3-rev0

Version and revision of the client REST API. Must be in the following format: <version>-<revision>.

Responses
200

OK

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.

404

Not found. No object was found with the path parameter specified in the request.

500

Internal server error. The request has been received but could not be completed because of an internal error at the server side.

GET /api/v1/encryptionPasswords/{id}
Response samples
application/json
{
  "id": "86e99ee0-3673-48d6-bf6a-9a8058d4de96",
  "hint": "Pet name",
  "modificationTime": "2023-02-13T02:22:40.801982-08:00",
  "uniqueId": "vcenter01"
}

Edit Encryption Password Hint

The HTTP PUT request to the /api/v1/encryptionPasswords/{id} path allows you to edit the hint for an encryption password that has the specified id.

Available to: Veeam Backup Administrator, Veeam Security Administrator.

Security: Bearer
Request
path Parameters
id
required
string <uuid>

Encryption password ID. To get the ID, run the Get All Encryption Passwords request.

header Parameters
x-api-version
required
string
Default: 1.3-rev0

Version and revision of the client REST API. Must be in the following format: <version>-<revision>.

Request Body schema: application/json
required
hint
required
string

Hint for the encryption password.

id
required
string <uuid>

ID of the encryption password.

modificationTime
string <date-time>

Date and time when the password was last modified.

uniqueId
string

Unique ID for the encryption password.

isImported
boolean

Determines whether the password is imported or not.

Responses
200

Password has been updated.

400

Bad request. This error is related to POST/PUT requests. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.

404

Not found. No object was found with the path parameter specified in the request.

500

Internal server error. The request has been received but could not be completed because of an internal error at the server side.

PUT /api/v1/encryptionPasswords/{id}
Request samples
application/json
{
  "id": "86e99ee0-3673-48d6-bf6a-9a8058d4de96",
  "hint": "Pet name",
  "modificationTime": "2023-02-13T02:22:40.801982-08:00",
  "uniqueId": "vcenter01"
}
Response samples
application/json
{
  "id": "86e99ee0-3673-48d6-bf6a-9a8058d4de96",
  "hint": "Pet name",
  "modificationTime": "2023-02-13T02:22:40.801982-08:00",
  "uniqueId": "vcenter01"
}

Remove Encryption Password

The HTTP DELETE request to the /api/v1/encryptionPasswords/{id} path allows you to remove an encryption password that has the specified id.

Available to: Veeam Backup Administrator, Veeam Security Administrator.

Security: Bearer
Request
path Parameters
id
required
string <uuid>

Encryption password ID. To get the ID, run the Get All Encryption Passwords request.

header Parameters
x-api-version
required
string
Default: 1.3-rev0

Version and revision of the client REST API. Must be in the following format: <version>-<revision>.

Responses
204

Password has been removed.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.

404

Not found. No object was found with the path parameter specified in the request.

500

Internal server error. The request has been received but could not be completed because of an internal error at the server side.

DELETE /api/v1/encryptionPasswords/{id}
Response samples
application/json
{ }

Change Encryption Password

The HTTP POST request to the /api/v1/encryptionPasswords/{id}/changepassword path allows you to change an encryption password that has the specified id.

Available to: Veeam Backup Administrator, Veeam Security Administrator.

Security: Bearer
Request
path Parameters
id
required
string <uuid>

Encryption password ID. To get the ID, run the Get All Encryption Passwords request.

header Parameters
x-api-version
required
string
Default: 1.3-rev0

Version and revision of the client REST API. Must be in the following format: <version>-<revision>.

Request Body schema: application/json
required
hint
required
string

Hint for the encryption password.

password
required
string

New password.

Responses
200

Password has been changed.

400

Bad request. This error is related to POST/PUT requests. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.

404

Not found. No object was found with the path parameter specified in the request.

500

Internal server error. The request has been received but could not be completed because of an internal error at the server side.

POST /api/v1/encryptionPasswords/{id}/changepassword
Request samples
application/json
{
  "hint": "Pet name",
  "password": "passsw3wrsdf2d44"
}
Response samples
application/json
{ }

Verify Encryption Password

The HTTP POST request to the /api/v1/encryptionPasswords/{id}/verify path allows you to verify an encryption password that has the specified id.

Available to: Veeam Backup Administrator, Veeam Security Administrator.

Security: Bearer
Request
path Parameters
id
required
string <uuid>

ID of the encryption password.

header Parameters
x-api-version
required
string
Default: 1.3-rev0

Version and revision of the client REST API. Must be in the following format: <version>-<revision>.

Request Body schema: application/json
required
password
required
string

Password to be verified.

Responses
200

Password has been verified.

400

Bad request. This error is related to POST/PUT requests. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.

404

Not found. No object was found with the path parameter specified in the request.

500

Internal server error. The request has been received but could not be completed because of an internal error at the server side.

POST /api/v1/encryptionPasswords/{id}/verify
Request samples
application/json
{
  "password": "string"
}
Response samples
application/json
{
  "isSuccessful": true,
  "message": "string"
}

Get All KMS Servers

The HTTP GET request to the /api/v1/kmsServers path allows you to get an array of all KMS servers that are added to the backup infrastructure.

Available to: Veeam Backup Administrator, Veeam Security Administrator.

Security: Bearer
Request
query Parameters
skip
integer <int32>

Number of KMS servers to skip.

limit
integer <int32>
Default: 200

Maximum number of KMS servers to return.

orderColumn
string (EKMSFiltersOrderColumn)

Sorts KMS servers by one of the KMS server parameters.

Enum: "Name" "Type"
orderAsc
boolean

If true, sorts KMS servers in the ascending order by the orderColumn parameter.

nameFilter
string

Filters KMS servers by the nameFilter pattern. The pattern can match any KMS server parameter. To substitute one or more characters, use the asterisk (*) character at the beginning, at the end or both.

typeFilter
string (EKeyManagementServerType)

Filters KMS servers by KMS server type.

Value: "KMS"
header Parameters
x-api-version
required
string
Default: 1.3-rev0

Version and revision of the client REST API. Must be in the following format: <version>-<revision>.

Responses
200

OK

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.

500

Internal server error. The request has been received but could not be completed because of an internal error at the server side.

GET /api/v1/kmsServers
Response samples
application/json
{
  "data": [ ],
  "pagination": { }
}

Add KMS Server

The HTTP POST request to the /api/v1/kmsServers path allows you to add a KMS server to the backup infrastructure.

Available to: Veeam Backup Administrator, Veeam Security Administrator.

Security: Bearer
Request
header Parameters
x-api-version
required
string
Default: 1.3-rev0

Version and revision of the client REST API. Must be in the following format: <version>-<revision>.

Request Body schema: application/json
required
name
required
string

Full DNS name or IP address of the KMS server.

type
required
string (EKeyManagementServerType)

KMS server type.

port
required
integer

KMIP port on the backup server. You must open the port manually.

serverCertificate
required
object (CertificateUploadSpec)

Certificate settings (for certificate-based authentication).

clientCertificate
required
object (CertificateUploadSpec)

Certificate settings (for certificate-based authentication).

description
string

KMS server description.

Responses
201

KMS server has been added.

400

Bad request. This error is related to POST/PUT requests. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.

500

Internal server error. The request has been received but could not be completed because of an internal error at the server side.

POST /api/v1/kmsServers
Request samples
application/json
{
  "name": "string",
  "description": "string",
  "type": "KMS",
  "port": 0,
  "serverCertificate": { },
  "clientCertificate": { }
}
Response samples
application/json
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "name": "string",
  "description": "string",
  "type": "KMS",
  "port": 0,
  "serverCertificateThumbprint": "string",
  "clientCertificateThumbprint": "string"
}

Get KMS Server

The HTTP GET request to the /api/v1/kmsServers/{id} path allows you to get a KMS server that has the specified id.

Available to: Veeam Backup Administrator, Veeam Security Administrator.

Security: Bearer
Request
path Parameters
id
required
string <uuid>

KMS server ID. To get the ID, run the Get All KMS Servers request.

header Parameters
x-api-version
required
string
Default: 1.3-rev0

Version and revision of the client REST API. Must be in the following format: <version>-<revision>.

Responses
200

OK

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.

404

Not found. No object was found with the path parameter specified in the request.

500

Internal server error. The request has been received but could not be completed because of an internal error at the server side.

GET /api/v1/kmsServers/{id}
Response samples
application/json
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "name": "string",
  "description": "string",
  "type": "KMS",
  "port": 0,
  "serverCertificateThumbprint": "string",
  "clientCertificateThumbprint": "string"
}

Edit KMS Server

The HTTP PUT request to the /api/v1/kmsServers/{id} path allows you to edit a KMS server that has the specified id.

Available to: Veeam Backup Administrator, Veeam Security Administrator.

Security: Bearer
Request
path Parameters
id
required
string <uuid>

KMS server ID. To get the ID, run the Get All KMS Servers request.

header Parameters
x-api-version
required
string
Default: 1.3-rev0

Version and revision of the client REST API. Must be in the following format: <version>-<revision>.

Request Body schema: application/json
required
id
required
string <uuid>

ID of the KMS server.

name
required
string

Full DNS name or IP address of the KMS server.

type
required
string (EKeyManagementServerType)

KMS server type.

port
required
integer <int32>

KMIP port on the backup server.

description
string

KMS server description.

serverCertificateThumbprint
string

Thumbprint of the KMS server certificate.

clientCertificateThumbprint
string

Thumbprint of the client certificate created on the KMS server.

Responses
200

KMS server has been updated.

400

Bad request. This error is related to POST/PUT requests. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.

404

Not found. No object was found with the path parameter specified in the request.

500

Internal server error. The request has been received but could not be completed because of an internal error at the server side.

PUT /api/v1/kmsServers/{id}
Request samples
application/json
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "name": "string",
  "description": "string",
  "type": "KMS",
  "port": 0,
  "serverCertificateThumbprint": "string",
  "clientCertificateThumbprint": "string"
}
Response samples
application/json
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "name": "string",
  "description": "string",
  "type": "KMS",
  "port": 0,
  "serverCertificateThumbprint": "string",
  "clientCertificateThumbprint": "string"
}

Remove KMS Server

The HTTP DELETE request to the /api/v1/kmsServers/{id} path allows you to remove a KMS server that has the specified id.

Available to: Veeam Backup Administrator, Veeam Security Administrator.

Security: Bearer
Request
path Parameters
id
required
string <uuid>

KMS server ID. To get the ID, run the Get All KMS Servers request.

header Parameters
x-api-version
required
string
Default: 1.3-rev0

Version and revision of the client REST API. Must be in the following format: <version>-<revision>.

Responses
204

KMS server has been removed.

400

Bad request. This error is related to POST/PUT requests. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.

404

Not found. No object was found with the path parameter specified in the request.

500

Internal server error. The request has been received but could not be completed because of an internal error at the server side.

DELETE /api/v1/kmsServers/{id}
Response samples
application/json
{ }

Change KMS Server Certificate

The HTTP POST request to the /api/v1/kmsServers/{id}/changeCertificate path allows you to change a certificate of a KMS server that has the specified id.

Available to: Veeam Backup Administrator, Veeam Security Administrator.

Security: Bearer
Request
path Parameters
id
required
string <uuid>

KMS server ID. To get the ID, run the Get All KMS Servers request.

header Parameters
x-api-version
required
string
Default: 1.3-rev0

Version and revision of the client REST API. Must be in the following format: <version>-<revision>.

Request Body schema: application/json
required
type
required
string (EKMSCertificateType)

Certificate type.

Enum: "Client" "Server"
certificate
required
object (CertificateUploadSpec)

Certificate settings (for certificate-based authentication).

Responses
204

KMS server certificate has been changed.

400

Bad request. This error is related to POST/PUT requests. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.

500

Internal server error. The request has been received but could not be completed because of an internal error at the server side.

POST /api/v1/kmsServers/{id}/changeCertificate
Request samples
application/json
{
  "certificate": { },
  "type": "Client"
}
Response samples
application/json
{ }
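
Change KMS Server Certificate answers with 204, so a certificate change is only observable by reading the server back and comparing its thumbprints. An added example (not from the Veeam documentation) that diffs KMS server objects, shaped like the Get KMS Server response, against a saved baseline; the records, host names, thumbprint values and the separator-insensitive thumbprint comparison are assumptions of this example.

```python
# Fields of the KMS server model that define where keys come from and
# which certificates are trusted.
WATCHED = ("name", "port", "serverCertificateThumbprint",
           "clientCertificateThumbprint")


def normalize_thumbprint(value):
    """Uppercase and drop separators so 'ab:cd' and 'ABCD' compare equal."""
    return "".join(ch for ch in (value or "") if ch.isalnum()).upper()


def diff_kms_servers(baseline, current):
    """Return (id, change, old, new) tuples describing drift from baseline."""
    base = {s["id"]: s for s in baseline}
    cur = {s["id"]: s for s in current}
    findings = []
    for sid in sorted(cur.keys() - base.keys()):
        findings.append((sid, "added", None, cur[sid].get("name")))
    for sid in sorted(base.keys() - cur.keys()):
        findings.append((sid, "removed", base[sid].get("name"), None))
    for sid in sorted(base.keys() & cur.keys()):
        for field in WATCHED:
            old, new = base[sid].get(field), cur[sid].get(field)
            if field.endswith("Thumbprint"):
                changed = normalize_thumbprint(old) != normalize_thumbprint(new)
            else:
                changed = old != new
            if changed:
                findings.append((sid, field, old, new))
    return findings


# Constructed records: a saved baseline and a later read of /api/v1/kmsServers.
BASELINE = [
    {"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08", "name": "kms01.example",
     "type": "KMS", "port": 5696,
     "serverCertificateThumbprint": "AA11BB22",
     "clientCertificateThumbprint": "CC33DD44"},
    {"id": "00000000-0000-0000-0000-0000000000aa", "name": "kms02.example",
     "type": "KMS", "port": 5696,
     "serverCertificateThumbprint": "11112222",
     "clientCertificateThumbprint": "33334444"},
]
CURRENT = [
    {"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08", "name": "kms01.example",
     "type": "KMS", "port": 5696,
     "serverCertificateThumbprint": "EE55FF66",     # replaced certificate
     "clientCertificateThumbprint": "cc:33:dd:44"},  # same value, other format
    {"id": "00000000-0000-0000-0000-0000000000bb", "name": "kms03.example",
     "type": "KMS", "port": 5696,
     "serverCertificateThumbprint": "55556666",
     "clientCertificateThumbprint": "77778888"},
]

if __name__ == "__main__":
    for finding in diff_kms_servers(BASELINE, CURRENT):
        print(finding)
```

Each finding should map to an approved change; an unexplained thumbprint, name or port change on a KMS server deserves the same scrutiny as a change to a trusted root.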