BeyondTrust Privileged Remote Access API Programmer's Guide
Version 1.19.0 (for BeyondTrust PRA 19.1.x)
Front-end integration of the BeyondTrust API enables customers to correlate BeyondTrust sessions with third-party or in-house developed applications to pull report data, issue commands, or automatically save a backup of the BeyondTrust Appliance's software configuration on a recurring basis.
One common example of API integration would be linking a customer relationship management ticketing system to BeyondTrust sessions.
You could also add a feature to an application to enable the user to start a session from directly within that program instead of the BeyondTrust access console.
To use the BeyondTrust API, ensure that the Enable XML API option is checked on the Management > API Configuration page of the /login administrative interface.
For the examples in the following pages, a sample URL of access.example.com is used. Please replace this URL with your BeyondTrust Appliance's public site URL.
The command and reporting APIs return XML responses that declare a namespace. If you are parsing these responses with a namespace-aware parser, you will need to set the namespace appropriately or ignore the namespace while parsing the XML.
- Reporting API: https://www.beyondtrust.com/namespaces/API/reporting
- Command API: https://www.beyondtrust.com/namespaces/API/command
The above namespaces are returned XML data and are not functional URLs.
Prior to 16.1, a user account was used to authenticate to the API, with the username and password being passed in the request. Starting with 16.1, this method has been deprecated and is not available to new users. Instead, one or more API accounts must be created, with their client IDs and client secrets used to generate OAuth tokens.
For users upgrading from a version prior to 16.1, the option to authenticate to the API with a user account is still available for backwards compatibility. However, it is highly recommended that you use the more secure OAuth method of authentication. If you are unable to switch to OAuth authentication, please follow the API request format described in our documentation archive.