API Configuration: Enable the XML API and Configure Custom Fields


API Configuration

API Configuration

Enable XML API

Choose to enable the BeyondTrust XML API, allowing you to run reports and issue commands such as starting or transferring sessions from external applications, as well as to automatically back up your software configuration.

Only the Command, Reporting, and Client Scripting API calls are enabled/disabled by this setting. Other API calls are configured under Public Portals.

For more information, please see the API Programmer's Guide.

CLI Client Download

The CLI (Command Line Interface) tool can be downloaded to make it easier to use and configure APIs and automation scripts, and integrate them with your BeyondTrust Remote Support installation. The CLI tool is available for Windows (x64), macOS, and Linux (x64) platforms. Select the appropriate platform and click Download BTAPI CLI Client.

The download is a compressed executable file. Extract the file, and save or link it from an executable area (in your PATH).

  • For Windows systems: Open the file in a terminal such as Windows Command Prompt or Windows PowerShell.
  • For macOS systems: Run the file in the terminal.

The Help information, including options, commands, and variable instructions, displays when the program opens.

For more information on creating APIs with CLI, please see Use Cases examples in the BeyondTrustRemote Support API Guide,.

Enable Archive API

Choose to enable the state archive API to download logs of the B Series Appliance's state and of events that occurred on a given date.

API Accounts

An API account stores all of the authentication and authorization settings for the API client. At least one API account is required to use the API, either in conjunction with the Integration Client, with a third-party app, or with your own in-house developed software.

Add, Edit, Delete

Create a new account, modify an existing account, or remove an existing account.

Add or Edit an API Account


If checked, this account is allowed to authenticate to the API. When an account is disabled, all OAuth tokens associated with the account are immediately disabled.


Create a unique name to help identify this account.

OAuth Client ID

The OAuth client ID and client secret are used to create OAuth tokens, necessary for authenticating to the API.

The OAuth client ID is a unique ID generated by the B Series Appliance. It cannot be modified. The client ID is considered public information and, therefore, can be shared without compromising the security of the integration.


Add comments to help identify the purpose of this account.

OAuth Client Secret

The OAuth client secret is generated by the B Series Appliance using a cryptographically secure pseudo-random number generator.

The client secret cannot be modified, but it can be regenerated on the Edit page. Regenerating a client secret and then saving the account immediately invalidates any OAuth tokens associated with the account. Any API calls using those tokens will be unable to access the API.


Select the areas of the API this account is allowed to use.

Command API

For the command API, choose to deny access, to allow read-only access, or to allow full access.

Reporting API

For the reporting API, check each permission for this account:

  • Allow Access to Support Session Reports and Recordings
  • Allow Access to Presentation Session Reports and Recordings
  • Allow Access to License Usage Reports
  • Allow Access to Archive Reports
  • Allow Access to Vault Account Activity Reports
  • Allow Access to Syslog Reports

Backup API

Check if this account can use the backup API and has vault encryption key access.

Configuration API

Check if this account can use the configuration API and, if so, if it can manage Vault accounts.

Real-Time State API

Check if this account can use the real-time state API.

Endpoint Credential Manager API

Check if this account can use the endpoint credential manager API.

Network Restrictions

List network address prefixes from which this account can authenticate.

API accounts are not restricted by the network prefixes configured on /login > Management > Security. They are restricted only by the network prefixes configured for the API account.

Network Address Allow List

Enter the network addresses you wish to add to the allow list.