cancel
Showing results for 
Search instead for 
Did you mean: 

ePO Web API Explorer

We have been getting many questions about the ePO 4.6 Web API and its capabilities.  To provide an easy way to explore the ePO 4.6 Web API, one of our industrious engineers created a GUI application (written in C#) that allows you to explore the capabilities of the ePO Web API quickly and easily with no programming or scripting experience.

To use the program, download the attached .zip file and extract the files to a folder.

Launch ePOAPIExplorer.exe

API Exp1.png

Configure the options for your ePO server which allows the tool to know which ePO server to connect.  I would recommend this be a test server until you become familiar with the web API as any command you run here will execute on the server.

API Exp 2.png

API Exp 3.png

Here we are doing a quick test  using the "core.help" command which returns all the API commands currently available on the server.

API Exp4.png

After selecting the command and entering any required parameters (core.help does not require any additional parameters), Click the "execute command" button.

API Exp5.png

The results are returned in the "Output" window.

API Exp6.png

Now that we've executed a basic command and have validated that we are communicating to our ePO server, let's create a "test user".

Here is the server prior to running the web API command.

API Exp7.png

In the web API Explorer select the "core.addUser" command and enter the required parameters. Note the URL that is created. This is the command that is passed to the ePO server.

API Exp8.png

Here is the result returned from ePO about the command that was executed.

API Exp9.png

Now on the ePO server we see the new user.

API Exp10.png

I hope this becomes a valuable tool in helping you learn the ePO Web API.  Attached is the ePO Web API scripting guide for additional reference.  This document can also be found on the McAfee Knowledge Center http://kc.mcafee.com and/or downloaded through the ePO 4.6 Software Manager.

Revision History:

1.0.2.0: Added support for multiple <ePOCommands/> instead of just a single <command/> on the import function.

1.0.1.0: Added eeadmin commands for EEPC 6.1.2

1.0.0.0: Initial release

Regards,

Torry Campbell

Technical Director Endpoint Security

McAfee, Inc.

Edit from Moderator:  Due to the age of this thread I suggest asking further questions in this section: 

Labels (1)
Attachments
Comments

And if you have any technical issues with it, please post here or email me.

I will be monitoring the topic in case any adjustments need to be made to the program.

Regards,

Thanks for the GUI web api explorer, a good way to learn the API options

Very useful when getting started with scripting ePO. I do miss some features in the ePO web APIs such as modifying individual policy items but that's an issue with the API not the tool.

Matt

Really great tool for exploring the API.

Is there any chance that you can share the C# sourcecode for others te learn from?

Maybe. There's nothing too terribly proprietary, a couple of external libraries, but i need to ask Torry.

Good luck wading through my spagehtti code.

Mischaboender: Since it is in .net you can use ILSpy to look at the code in c#. 

eelsasser:  It may be spagehtti code but it is a great utility.

Thank you for the tool.  The ePO API Explorer is functionality that was much needed. I hope to give it a thorough testing in the coming weeks.

Great work as always Erik, I'll take you're spaghetti code over my dog food code any day

Perfect, I would suggest to all ePO users to use this API utility.

It is a great tool.

Great tool!!  We're now trying to configure a query to determine which extra.dat files have been deployed.  Anyone want to help?  Here is the sql script:

select ln.nodename as Hostname, pp.productversion as Version, pp.hotfix as Patch, ps.value as Hotfix from epoleafnode ln join epoproductproperties pp on ln.autoid = pp.parentid join epoproductsettings ps on pp.autoid = ps.parentid where ps.settingname = 'Fixes' and ps.value like '%793640%' order by hostname

A very helpful tool, thank you for it! I always use it when I work with the web api. 🙂

Btw:

I've found a little bug: If you collapse the elements in the TreeView twice --> an unhandled exception appears. 😉

This tool is very helpful when testing the scripts.

I'm wanting to write some programs that us C# as well but I can't figure out how to authenticate to the Epo server before I use the URL.

For example I'm writing a program in c# that exports the recovery information for computers that are encrypted.

I'm just wondering how you're passing the user's username and password to the epo server.

Any help would be appricated.

Here is a C# console app I use for testing, see the create web request comment.

//Torry Campbell

//McAfee Inc. 2012

using System;

using System.Text;

using System.Net;

using System.IO;

namespace ePOConnect

{

    class Program

    {

     

        static void Main(string[] args)

        {

            //Get ePO server name or IP address from user.

            string ePOServer = "";

            Console.Write("Enter ePO Server name or IP address:  ");

            ePOServer = Console.ReadLine();

            while (ePOServer == "")

            {

                Console.Write("Enter ePO Server name or IP address:  ");

                ePOServer = Console.ReadLine();

            }

            //Collect ePO console port from user user.

            string ePOPort = "8443";

            Console.Write("Enter ePO Server port (Hit enter to use 8443):  ");

            if (Console.ReadLine() != "")

            {

                ePOPort = Console.ReadLine();

            }

            //Get ePO user name from user.

            string ePOUser = "";

            Console.Write("Enter ePO user name:  ");

            ePOUser = Console.ReadLine();

            while (ePOUser == "")

            {

                Console.Write("Enter ePO user name:  ");

                ePOServer = Console.ReadLine();

            }

            //Get ePO user password from user and mask input.

            string ePOPwd = "";

            Console.Write("Enter your ePO user password: ");

            ConsoleKeyInfo key;

            do

            {

                key = Console.ReadKey(true);

                if (key.Key != ConsoleKey.Backspace && key.Key != ConsoleKey.Enter)

                {

                    ePOPwd += key.KeyChar;

                    Console.Write("*");

                }

                else if (key.Key == ConsoleKey.Backspace)

                {

                    if (ePOPwd.Length > 0)

                    {

                        ePOPwd = ePOPwd.Substring(0, (ePOPwd.Length -1 ));

                        Console.Write("\b \b");

                    }

                }

            }

            // Stops Receving Keys Once Enter is Pressed

            while (key.Key != ConsoleKey.Enter);

            Console.WriteLine();

            //Get ePO Web API Command

            //use core.help if no command is entered.

            string ePOCmd = "";

            Console.Write("Enter Web API Command:  ");

            ePOCmd = Console.ReadLine();

            while (ePOCmd == "")

            {

                Console.Write("Please enter Web API Command:  ");

                ePOCmd = Console.ReadLine();

            }

        

            //Create web request to the ePO server along with the request parameters

            WebRequest request = WebRequest.Create("https://" + ePOServer + ":" + ePOPort + "/remote/" + ePOCmd);

            request.PreAuthenticate = true;

            request.Credentials = new NetworkCredential(ePOUser, ePOPwd);

            request.Timeout = 10000;

            //This ignores ssl certificate checking as ePO has self signed cert by default

            ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

           

            //Send the web request to ePO server and display the status response from the ePO server

            //if successful

            try

            {

                WebResponse response = request.GetResponse();

                Console.WriteLine(((HttpWebResponse)response).StatusDescription);

                // Get the stream containing content returned by the ePO server.

                Stream dataStream = response.GetResponseStream();

                // Open the stream using a StreamReader for easy access.

                StreamReader reader = new StreamReader(dataStream);

                // Read the content from the ePO server into a string.

                string responseFromServer = reader.ReadToEnd();

                // Display the results of the command sent to the ePO server to the console.

                Console.WriteLine(responseFromServer);

                // Clean up the streams and the response.

                reader.Close();

                response.Close();

            }

            //Catch any exceptions fi the request to the ePO server failed.

            catch (WebException ex)

            {

                using (WebResponse response = ex.Response)

                {

                    HttpWebResponse httpResponse = (HttpWebResponse)response;

                    if (httpResponse == null)

                    {

                        Console.WriteLine("Error:  Server not responding");

                    }

                    else if (httpResponse != null)

                    {

                        Console.WriteLine("Error code: {0}", httpResponse.StatusCode);

                        using (Stream data = response.GetResponseStream())

                        {

                            string text = new StreamReader(data).ReadToEnd();

                            Console.WriteLine(text);

                        }

                    }

                }

            }

            //Hold console window open

            Console.WriteLine("Press the Enter key to exit...");

            Console.ReadLine();

        }

    }

}

That's excatly what I needed.

Thanks again.

I recently wrote a small application for the FDE recovery and McAfee API.  It alllows you to enter a system name and it will search and display all systems with that name.  It will show you the encryption status of all volumes.  It will allow you to save the current recovery key data as well as old keys.  If you would like I would be happy to share the source code.  All I ask is that if possible you share any changes and/or addditions

Could you use this to delete multiple systems from the tree which are listed in a CSV etc ???

I'll take a look but a quick answer will save me days

The explorer would not take a direct feed file and walk through them and delete the hosts.

ePO.API.Exxplorer is just a test harness to experiment with the API.

However, when you analyze the URL that it creates, it basically creates a URL like this and sends it to ePO.

https://epo:8443/remote/system.delete?names=computer1%2Ccomputer2%2Ccomputer3

If you have a small number of hosts, like 10 or so, you could probably just string them together in notepad and paste it into a browser to run.

If you have a longer list that you really want to iterate through, script something in python or even a batch file that does multiple calls using curl with the names=XXX and  and just repetitively run curl with each different name.

curl -k -u admin:password https://epo:8443/remote/system.delete?names=computer1

curl -k -u admin:password https://epo:8443/remote/system.delete?names=computer2

curl -k -u admin:password https://epo:8443/remote/system.delete?names=computer3

...

Thanks eelsasser.

I've used the explorer to remove 4 machines as a test and to get the command line that it uses.

Question - Whats the difference in creating a batch file to using the explorer ? I relaise the explorer wasn't created as a proper tool but if I can copy in the data in the correct format computer1,computer2,computer3 etc is there a risk in deleting 100 machines instead of 10?

cheers

If it works with that many hosts, go ahead and do it.

My only concern is that the browser might limit the length of a url and truncate or error.

It also isn't very scriptable if you need to do it regularly.

I see your point - didn't even think of that...thanks for you help...cool tool though

Having issues with the eeadmin.assignuser command.

@eelsasser @torrycampbell  Is there a requirement to use EEAdmin?

Has a newer version been created for ePO 5.1.1 I have found that much of the version 1.0.2.0 works fine but there are some commands that seem to fail intermittently and I am not sure if it may be related to the change in the ePO versions.

I, too, am using 5.1.1. I can't seem to get any command to work, which tells me that either A.) web api is disabled; B.) I don't have the permissions necessary; or C.) the tool is outdated, though I cant imagine that EVERYTHING would be outdated

Folks, as this is such an old thread you may get a better response by asking in the main ePO section: 

----

Peter

Moderator

Version history
Revision #:
1 of 1
Last update:
‎09-16-2011 12:06 PM
Updated by: