Veeam Backup & Replication 13
REST API Reference
Related documents

Security

The Security section defines paths and operations for managing Security & Compliance Analyzer and getting four-eyes authorization events.

Start Security & Compliance Analyzer

The HTTP POST request to the /api/v1/securityAnalyzer/start path allows you to start Security & Compliance Analyzer on the backup server.

Available to: Veeam Backup Administrator, Veeam Security Administrator.

SecurityBearer
Request
header Parameters
x-api-version
required
string
Default: 1.3-rev0

Version and revision of the client REST API. Must be in the following format: <version>-<revision>.

Responses
201

A SecurityComplianceAnalyzer session has been created to start Security & Compliance Analyzer. To check the progress, track the session state.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.

500

Internal server error. The request has been received but could not be completed because of an internal error at the server side.

post/api/v1/securityAnalyzer/start
Request samples 
Response samples 
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "name": "string",
  • "jobId": "9d222c6d-893e-4e79-8201-3c9ca16a0f39",
  • "sessionType": "Infrastructure",
  • "creationTime": "2019-08-24T14:15:22Z",
  • "endTime": "2019-08-24T14:15:22Z",
  • "state": "Stopped",
  • "progressPercent": 0,
  • "result": {
    },
  • "resourceId": "026d60bb-63a8-407e-bf67-01dcfc6022e6",
  • "resourceReference": "string",
  • "parentSessionId": "b1d7834e-fe2f-4cad-b0e5-ff5c5615f344",
  • "usn": 0,
  • "platformName": "VMware",
  • "platformId": "32a6e381-64f4-4911-86b6-3bf681b64d23",
  • "initiatedBy": "string"
}
Get Security & Compliance Analyzer Last Run
The HTTP GET request to the /api/v1/securityAnalyzer/lastRun path allows you to get the last session of Security & Compliance Analyzer.
Available to: Veeam Backup Administrator, Veeam Security Administrator.


SecurityBearer 
Request 
header Parameters
x-api-version
required
string
 Default:  1.3-rev0
Version and revision of the client REST API. Must be in the following format: <version>-<revision>.


 
Responses 
200
OK


401
Unauthorized. The authorization header has been expected but not found (or found but is expired).


403
Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.


404
Not found. No object was found with the path parameter specified in the request.


500
Internal server error. The request has been received but could not be completed because of an internal error at the server side.


get/api/v1/securityAnalyzer/lastRun
Request samples 
Response samples 
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "name": "string",
  • "jobId": "9d222c6d-893e-4e79-8201-3c9ca16a0f39",
  • "sessionType": "Infrastructure",
  • "creationTime": "2019-08-24T14:15:22Z",
  • "endTime": "2019-08-24T14:15:22Z",
  • "state": "Stopped",
  • "progressPercent": 0,
  • "result": {
    },
  • "resourceId": "026d60bb-63a8-407e-bf67-01dcfc6022e6",
  • "resourceReference": "string",
  • "parentSessionId": "b1d7834e-fe2f-4cad-b0e5-ff5c5615f344",
  • "usn": 0,
  • "platformName": "VMware",
  • "platformId": "32a6e381-64f4-4911-86b6-3bf681b64d23",
  • "initiatedBy": "string"
}
Get Security & Compliance Analyzer Schedule
The HTTP GET request to the /api/v1/securityAnalyzer/schedule path allows you to get the Security & Compliance Analyzer schedule. 
Available to: Veeam Backup Administrator, Veeam Security Administrator.


SecurityBearer 
Request 
header Parameters
x-api-version
required
string
 Default:  1.3-rev0
Version and revision of the client REST API. Must be in the following format: <version>-<revision>.


 
Responses 
200
OK


401
Unauthorized. The authorization header has been expected but not found (or found but is expired).


403
Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.


404
Not found. No object was found with the path parameter specified in the request.


500
Internal server error. The request has been received but could not be completed because of an internal error at the server side.


get/api/v1/securityAnalyzer/schedule
Request samples 
Response samples 
application/json
{
  • "dailyScanEnabled": true,
  • "dailyScanLocalTime": "14:15:22Z",
  • "sendScanResults": true,
  • "recipients": "string",
  • "notificationType": "UseGlobalNotificationSettings",
  • "customNotificationSettings": {
    }
}
Modify Security & Compliance Analyzer Schedule
The HTTP PUT request to the /api/v1/securityAnalyzer/schedule path allows you to modify the Security & Compliance Analyzer schedule.
Available to: Veeam Backup Administrator, Veeam Security Administrator.


SecurityBearer 
Request 
header Parameters
x-api-version
required
string
 Default:  1.3-rev0
Version and revision of the client REST API. Must be in the following format: <version>-<revision>.


 
Request Body schema: application/json
required
dailyScanEnabled
boolean
If true, Security & Compliance Analyzer runs daily.


 
dailyScanLocalTime
string <time> 
Local time when the Security & Compliance Analyzer session must start.


 
sendScanResults
boolean
If true, email notifications with scan results are enabled.


 
recipients
string
Recipient email addresses separated with a semicolon.


 
notificationType
string (EEmailNotificationType) 
Type of email notification settings (global notification settings specified for the backup server, or custom notification settings specified for this job).


 Enum: "UseGlobalNotificationSettings" "UseCustomNotificationSettings"  
object (SecurityAnalyzerEmailNotificationSettings) 
Custom notification settings specified for Security & Compliance Analyzer.


 
Responses 
200
OK


400
Bad request. This error is related to POST/PUT requests. The request body is malformed, incomplete or otherwise invalid.


401
Unauthorized. The authorization header has been expected but not found (or found but is expired).


403
Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.


500
Internal server error. The request has been received but could not be completed because of an internal error at the server side.


put/api/v1/securityAnalyzer/schedule
Request samples 
application/json
{
  • "dailyScanEnabled": true,
  • "dailyScanLocalTime": "14:15:22Z",
  • "sendScanResults": true,
  • "recipients": "string",
  • "notificationType": "UseGlobalNotificationSettings",
  • "customNotificationSettings": {
    }
}
Response samples 
application/json
{
  • "dailyScanEnabled": true,
  • "dailyScanLocalTime": "14:15:22Z",
  • "sendScanResults": true,
  • "recipients": "string",
  • "notificationType": "UseGlobalNotificationSettings",
  • "customNotificationSettings": {
    }
}
Reset All Security & Compliance Analyzer Statuses
The HTTP POST request to the /api/v1/securityAnalyzer/bestPractices/resetAll path allows you to restore default compliance statuses for all Security & Compliance Analyzer best practices.
Available to: Veeam Backup Administrator, Veeam Security Administrator.


SecurityBearer 
Request 
header Parameters
x-api-version
required
string
 Default:  1.3-rev0
Version and revision of the client REST API. Must be in the following format: <version>-<revision>.


 
Responses 
200
OK


401
Unauthorized. The authorization header has been expected but not found (or found but is expired).


403
Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.


500
Internal server error. The request has been received but could not be completed because of an internal error at the server side.


post/api/v1/securityAnalyzer/bestPractices/resetAll
Request samples 
Response samples 
application/json
{
  • "items": [
    ]
}
Get Security & Compliance Analyzer Results
The HTTP GET request to the /api/v1/securityAnalyzer/bestPractices path allows you to get best practices compliance result from the Backup server.
Available to: Veeam Backup Administrator, Veeam Security Administrator.


SecurityBearer 
Request 
header Parameters
x-api-version
required
string
 Default:  1.3-rev0
Version and revision of the client REST API. Must be in the following format: <version>-<revision>.


 
Responses 
200
OK


401
Unauthorized. The authorization header has been expected but not found (or found but is expired).


403
Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.


404
Not found. No object was found with the path parameter specified in the request.


500
Internal server error. The request has been received but could not be completed because of an internal error at the server side.


get/api/v1/securityAnalyzer/bestPractices
Request samples 
Response samples 
application/json
{
  • "items": [
    ]
}
Suppress Security & Compliance Analyzer Best Practice Status
The HTTP POST request to the /api/v1/securityAnalyzer/bestPractices/{id}/suppress path allows you to suppress a Security & Compliance Analyzer best practice compliance status that has the specified best practice id. 
Available to: Veeam Backup Administrator, Veeam Security Administrator.


SecurityBearer 
Request 
path Parameters
id
required
string <uuid> 
Best practice ID. To get the ID, run the Get Security & Compliance Analyzer Results request.


 
header Parameters
x-api-version
required
string
 Default:  1.3-rev0
Version and revision of the client REST API. Must be in the following format: <version>-<revision>.


 
Request Body schema: application/json
optional
note
string
Note that specifies the reason for suppressing the option (excluding it from the analyzer checklist).


 
Responses 
200
OK


401
Unauthorized. The authorization header has been expected but not found (or found but is expired).


403
Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.


500
Internal server error. The request has been received but could not be completed because of an internal error at the server side.


post/api/v1/securityAnalyzer/bestPractices/{id}/suppress
Request samples 
application/json
{
  • "note": "string"
}
Response samples 
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "bestPractice": "string",
  • "status": "Analyzing",
  • "note": "string"
}
Reset Security & Compliance Analyzer Status
The HTTP POST request to the /api/v1/securityAnalyzer/bestPractices/{id}/reset path allows you to reset the compliance status of a Security & Compliance Analyzer best practice that has the specified id. 
Available to: Veeam Backup Administrator, Veeam Security Administrator.


SecurityBearer 
Request 
path Parameters
id
required
string <uuid> 
Best practice ID. To get the ID, run the Get Security & Compliance Analyzer Results request.


 
header Parameters
x-api-version
required
string
 Default:  1.3-rev0
Version and revision of the client REST API. Must be in the following format: <version>-<revision>.


 
Responses 
200
OK


401
Unauthorized. The authorization header has been expected but not found (or found but is expired).


403
Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.


500
Internal server error. The request has been received but could not be completed because of an internal error at the server side.


post/api/v1/securityAnalyzer/bestPractices/{id}/reset
Request samples 
Response samples 
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "bestPractice": "string",
  • "status": "Analyzing",
  • "note": "string"
}
Get All Authorization Events
The HTTP GET request to the /api/v1/authorization/events path allows you to get an array of security-related events. These events cover the following operation types:
     
  • Approved and rejected requests
    •  
  • Updated four-eyes authorization settings
    •  
  • Updated settings for users and user groups
    •  
  • Assigned roles
    •  
  • Added or deleted users and user groups
 
Available to: Veeam Backup Administrator, Veeam Security Administrator.


SecurityBearer 
Request 
query Parameters
skip
integer <int32> 
Number of authorization events to skip.


 
limit
integer <int32> 
 Default:  200
Maximum number of authorization events to return.


 
orderColumn
string (EAuthorizationEventsFiltersOrderColumn) 
Sorts authorization events by one of the authorization events parameters.


 Enum: "Name" "State" "CreationTime" "ProcessedTime" "ExpirationTime" "Description" "InitiatedBy" "ProcessedBy"  
orderAsc
boolean
If true, sorts authorization events in the ascending order by the orderColumn parameter.


 
nameFilter
string
Filters authorization events by the nameFilter pattern. The pattern can match any authorization event parameter. To substitute one or more characters, use the asterisk (*) character at the beginning, at the end or both.


 
createdAfterFilter
string <date-time> 
Returns authorization events that are created after the specified date and time.


 
createdBeforeFilter
string <date-time> 
Returns authorization events that are created before the specified date and time.


 
processedAfterFilter
string <date-time> 
Returns authorization events that are processed after the specified date and time.


 
processedBeforeFilter
string <date-time> 
Returns authorization events that are processed before the specified date and time.


 
stateFilter
Array of strings (EAuthorizationEventState) 
Filters authorization events by state.


Items Enum: "Pending" "Approved" "Rejected" "Expired" "Info"  
createdByFilter
string
Filters authorization events created by the specified user.


 
processedByFilter
string
Filters authorization events processed by the specified user.


 
expireBeforeFilter
string <date-time> 
Returns authorization events that expire before the specified date and time.


 
expireAfterFilter
string <date-time> 
Returns authorization events that expire after the specified date and time.


 
header Parameters
x-api-version
required
string
 Default:  1.3-rev0
Version and revision of the client REST API. Must be in the following format: <version>-<revision>.


 
Responses 
200
OK


401
Unauthorized. The authorization header has been expected but not found (or found but is expired).


403
Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.


500
Internal server error. The request has been received but could not be completed because of an internal error at the server side.


get/api/v1/authorization/events
Request samples 
Response samples 
application/json
{
  • "data": [
    ],
  • "pagination": {
    }
}
Get Authorization Event
The HTTP GET request to the /api/v1/authorization/events/{id} path allows you to get an authorization event that has the specified id.
Available to: Veeam Backup Administrator, Veeam Security Administrator.


SecurityBearer 
Request 
path Parameters
id
required
string <uuid> 
Authorization event ID. To get the ID, run the Get All Authorization Events request.


 
header Parameters
x-api-version
required
string
 Default:  1.3-rev0
Version and revision of the client REST API. Must be in the following format: <version>-<revision>.


 
Responses 
200
OK


401
Unauthorized. The authorization header has been expected but not found (or found but is expired).


403
Forbidden. The user sending the request does not have adequate privileges to access one or more objects specified in the request.


500
Internal server error. The request has been received but could not be completed because of an internal error at the server side.


get/api/v1/authorization/events/{id}
Request samples 
Response samples 
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "name": "string",
  • "description": "string",
  • "state": "Pending",
  • "creationTime": "2019-08-24T14:15:22Z",
  • "createdBy": "string",
  • "expirationTime": "2019-08-24T14:15:22Z",
  • "processedBy": "string",
  • "processedTime": "2019-08-24T14:15:22Z"
}