Command API

The command API is designed to send commands to your BeyondTrust site from an outside application. Commands can get or set session attributes, join an existing session, or terminate a session. You can also check the health of your B Series Appliance or get information about your BeyondTrust API version.

The command API is an authenticated API. For instructions on using authenticated APIs using OAuth, please see Authenticate to the Privileged Remote Access API.

Commands are executed by sending an HTTP request to the B Series Appliance. Send the request using any HTTPS-capable socket library, scripting language module, or URL fetcher such as cURL or wget. Use either GET or POST as the request method.

POST requests must include a "Content-Type: application/x-www-form-urlencoded" HTTP header when supplying parameters in the request body, and the parameters must be url-encoded. Multipart POST requests are not supported.


When making consecutive API calls, you must close the connection after each API call.

The command API URL is

An XML schema describing the command API response format is available at

Required Parameter for Command API

action=[string] The type of action to perform. Can be join_session, set_session_attributes, get_session_attributes, import_jump_shortcut, terminate_session, check_health, set_failover_role, or get_api_info.

The command API returns XML responses that declare a namespace. If you are parsing these responses with a namespace-aware parser, you need to set the namespace appropriately or ignore the namespace while parsing the XML.

  • Command API:

The above namespace is returned XML data and is not a functional URL.

Prior to 16.1, a user account was used to authenticate to the API, with the username and password being passed in the request. Starting with 16.1, this method has been deprecated and is not available to new users. Instead, one or more API accounts must be created, with their client IDs and client secrets used to generate OAuth tokens.

For users upgrading from a version prior to 16.1, the option to authenticate to the API with a user account is still available for backwards compatibility. However, it is highly recommended that you use the more secure OAuth method of authentication. If you are unable to switch to OAuth authentication, please follow the API request format described in our documentation archive.