Overview
The Command API is designed to send commands to your Remote Support site from an outside application. Commands can start or transfer a session, get a list of logged-in Representatives, or obtain a list of teams and issues. You can also check the health of your appliance, change an appliance's failover role, or get information about the permissions of the current API Account.
Authentication
The Remote Support Command APIs require OAuth 2 credentials for authentication. To authenticate to the API, you must create an API account on the /login > Management > API Configuration page. The account must have permission to access the Command APIs. Copy the OAuth Client ID and OAuth Client Secret values before saving the API Account. API requests require a token to be generated using this client id and secret and then submitted with each API request.
The OAuth Client Secret cannot be viewed again after the API Account has been saved, but it can be regenerated when you edit the API Account. Regenerating a client secret and then saving the account immediately invalidates any OAuth tokens associated with the account. Any API calls using those tokens are unable to access the API. A new token must be generated using the new client secret.
The command API URL is https://support.example.com/api/command/v2.
Create a token
Create a token by sending an HTTP POST request to the URL of your BeyondTrust Remote Support site followed by /oauth2/token:
https://support.example.com/oauth2/tokenThe OAuth client ID and client secret associated with the API account should be Base64 encoded and included in an HTTP basic authorization header:
Authorization: Basic <base64-encoded "client_id:secret">Include the following POST body in the request:
grant_type=client_credentialsIf the request is processed without error, you receive an access token JSON response:
{
"access_token": "<token>",
"token_type": "Bearer",
"expires_in": 3600
}This token expires after one hour. Any calls to the API past that point must have a new token. Each API account can have a maximum of 30 valid tokens. If an API account attempts to generate more than 30 tokens, then the oldest token is invalidated before a new one is generated.
Request an API resource
Now that you have an access token, you can make HTTPS requests to the Command APIs. The token obtained above must be included in an Authorization HTTP header with each request:
Authorization: Bearer <token>If the token is valid, you gain access to the requested URL.
Authentication errors
Requests made to the web API with expired or invalid tokens result in a JSON error response:
{
"error": "access_denied",
"message": "The resource owner or authorization server denied the request."
}When making consecutive API calls, you must close the connection after each API call.
Request rate limits
Requests are limited to 20 per second and 15,000 per hour. This limit applies to all API endpoints and is per API account. Responses include headers with the rate limit information: Example:
X-RateLimit-Limit: 15000
X-RateLimit-Remaining: 14996Required Request Headers
In addition to the Authorization header mentioned above for OAuth 2 authentication:
- for GET and DELETE requests, you must include an Accept header with the value application/json.
- for all other requests where you are sending a JSON request body, you must include a Content-Type header with a value of application/json.
HTTP Request Methods
The documentation below lists the allowed HTTP request methods for each API. Not all methods are allowed for all APIs.
All APIs that document GET requests also accept HEAD requests. Responses to HEAD requests never include a body. This might be useful if you only wish to use the HTTP status code to determine the existence of a resource or resources identified by the URI, and you do not need the response body.
In addition to the human-readable documentation for each API below, the OPTIONS method may be used with any URI to obtain the list of allowed HTTP methods for a given URI.
For example, the request
OPTIONS https://support.example.com/api/command/v2/userresponds with an Allow header containing a comma-separated list of the HTTP methods that can be used with that URI:
Allow: GET,HEADIf you attempt to use an HTTP method with an API that does not support that method, you receive an HTTP 405 "Method Not Allowed" response.
Common HTTP Status Codes
Individual APIs may provide specific documentation for certain status codes, but not all possible status codes are documented on every API. The following is a list of the HTTP status codes commonly returned by these APIs and what they usually mean.
| Status Code | Description |
|---|---|
| 200 | For a GET query, this indicates the query was successful, though the response may or may not include an empty resource array depending on whether your query parameters matched any resources. For a PATCH request, this indicates the resource was updated successfully, and the response should contain the updated resource object. |
| 204 | Indicates an operation—such as a DELETE—completed successfully. The response body should be empty. |
| 400 | For a GET operation, this indicates you supplied unrecognized query string parameters; for a POST or PATCH operation, this indicates you supplied unrecognized fields in the request body. Check the documentation to ensure all parameters are spelled correctly. |
| 403 | The API Account whose authentication credentials were used for the request does not have permission to use this API. Edit this account on the API Account page and ensure it has permission to use the Command APIs. |
| 404 | A request for a specific resource - usually by id - did not match any known resources. |
| 405 | Your request contained an HTTP method that is not supported for the URI of the request. The documentation below indicates which methods are allowed for each API endpoint. Methods that are not specifically documented are not allowed, except for HEAD and OPTIONS as mentioned in the HTTP Request Methods section above. |
| 422 | This can happen when attempting to create or update a resource with malformed data. The response body should contain a validation error dictionary indicating which fields are invalid and how they are invalid. |
| 500 | An internal server error occurred. Please contact BeyondTrust support. |
Date-Time Formatting and Time Zones
All date-time values should be in RFC3339 Internet Date-Time Format in UTC unless otherwise noted. When submitting date-time values to these APIs, milliseconds are optional and are ignored. A UTC timezone must be included to avoid ambiguity, represented with either the "Z" suffix or a "+00:00" offset suffix.
Valid Examples
- 2025-10-16T14:46:25.930+00:00
- 2026-10-16T14:46:23+00:00
- 2025-10-16T14:46:25.930Z
- 2026-10-16T14:46:23Z
Invalid Examples
- INVALID 2025-10-16T14:46:25.930: Missing timezone; not a valid RFC3339 string.
- INVALID 2026-10-16T14:46:23: Missing timezone; not a valid RFC3339 string.
- INVALID 2025-10-16T14:46:25.930-08:00: Non-UTC timezone; valid RFC3339 string but not allowed by these APIs.
- INVALID 2026-10-16T14:46:23+04:00: Non-UTC timezone; valid RFC3339 string but not allowed by these APIs.
Date-time strings in responses always include a "+00:00" timezone offset suffix - never a "Z" suffix.
Integers
Request body parameters that are marked as type "integer" must be supplied as actual JSON numbers, not strings containing a number. For example, if the documentation indicates a request body field named team_id is an integer, then the object {team_id: 42} is valid, but the object {team_id: "42"} is invalid.
Changes
From time to time, new fields may be added to existing API responses to support new features, without changing any existing fields. Ensure that your client code is written in such a way it can handle or ignore these minor additions to existing API responses.
Base Path
The base path on all API call URLs must be /api/command/v2. In the documentation below, the base path is omitted for brevity. When constructing the URL for a particular API, combine your hostname, the base path, and then the documented path of the API you wish to call. For example, the full URL for the API to get a user with a specific id is:
"https://" + "support.example.com" (hostname) + "/api/command/v2" (base path) + "/user/{id}" (API path)If you wanted to get the user with id 5, your final URL would be
<https://support.example.com/api/command/v2/user/5>Miscellaneous
GET /openapi.yaml
GET /openapi.yamlReturns a YAML document containing an OpenAPI specification for all available BeyondTrust Remote Support Command APIs. Many tools exist that can read this document and generate useful resources, such as:
- Client code for interacting with the API
- Various forms of API documentation
If you're reading this on a web page, the page was likely generated from a response to this API.
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/yaml | Returns an OpenAPI specification object. |
API Info
GET /info
GET /infoReturns general information about the Command APIs, such as version, as well as the permissions of the API Account whose credentials were used to authenticate the request.
Responses
| Status | Content-Type |
|---|---|
| 200 OK | application/yaml |
Schema
permissions object - The current API Account's permissions.
| Field | Type | Description |
|---|---|---|
perm_backup | boolean | Permission to use the Backup API |
perm_command | string | Command API access level: full_access, read_only, or deny |
perm_configuration | boolean | Permission to use the Configuration API |
perm_configuration_vault_account | boolean | Permission to manage Vault accounts via the Configuration API |
perm_ecm | boolean | Permission for use by an Endpoint Credential Manager client |
perm_real_time_state | boolean | Permission to use the Real-Time State API |
perm_reporting_archive | boolean | Permission to use the Archive Reporting API |
perm_reporting_asset | boolean | Permission to use the Asset Reporting API |
perm_reporting_license | boolean | Permission to use the License Usage Reporting API |
perm_reporting_session | boolean | Permission to view session reports and recordings |
perm_reporting_syslog | boolean | Permission to download Syslog reports |
perm_reporting_vault | boolean | Permission to run Vault Activity reports |
perm_vault_backup | boolean | Permission to back up the Vault encryption key |
Top-level fields
| Field | Type | Description |
|---|---|---|
current_time | string (date-time) | Server's current date and time in UTC |
command_api_version | string | Version of the Command API used for this request |
config_api_version | string | Latest supported version of the Configuration API |
reporting_api_version | string | Latest supported version of the Reporting API |
backup_api_version | string | Latest supported version of the Backup API |
realtime_state_api_version | string | Latest supported version of the Real-Time State API |
product | string | Appliance product type: rs (Remote Support) or pra (Privileged Remote Access) |
Health
GET /health
GET /healthReturns appliance health and status information needed for failover purposes.
If this request is sent more than once per minute, a cached response may be returned.
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | A healthy response. Returns a HealthBase object. |
| 500 Internal Server Error | application/json | An unhealthy response. Returns a HealthBase object combined with a MessageResponse containing an error message. Some fields may be null. |
Appliances
GET /appliance
GET /applianceReturns information about all configured appliances, including their failover role and cluster role.
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Returns an array of appliance objects. |
GET /appliance/client-count
GET /appliance/client-countGet a list of appliances along with counts for each type of client connected to that appliance.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
type | string | No | Filters results by client type. If omitted, all client types are returned. Allowed values: rep_console, asset_client, gateway |
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Returns an array of appliance objects, each including client counts per type. |
Clients
GET /client
GET /clientGet details of all connected BeyondTrust Remote Support clients, optionally filtered by client type.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
type | string | No | Filters results by client type. If omitted, all client types are returned. Allowed values: rep_console, asset_client, gateway |
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Returns an array of connected client objects. Each object is one of the following types depending on the client:
|
GET /client/{id}
GET /client/{id}Get details of a connected client identified by {id}.
The
idis only valid while the client is connected. Requests for a client that has since disconnected return404.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | integer | Yes | Unique identifier for the connected client. See ObjectId. |
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Returns an array of connected client objects. Each object is one of the following types depending on the client:
|
| 404 Not Found | application/json | No connected client was found with the given id. See 404NotFound. |
GET /client/{id}/connections
GET /client/{id}/connectionsGet a list of connections and an event log about those connections for the client with the given {id}.
The
idis only valid while the client is connected. Requests for a client that has since disconnected return404.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | integer | Yes | Unique identifier for the connected client. See ObjectId. |
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Returns an object with the following fields:
|
| 404 Not Found | application/json | No connected client was found with the given id. See 404NotFound. |
Sessions
POST /session-key
POST /session-keyCreates a new session key to be used in starting a support session.
Multiple Public SitesIf your appliance has multiple public sites, the session key may be associated with different sites depending on how the customer downloads the client:
- If the customer uses the generated URL, the session is associated with the site designated by the
url_hostnameparameter.- If the customer submits the key code on a public site manually, the session is associated with whichever site they used to submit it.
Request Body - application/json
Routing
Routing the session to a queue is optional. If used, only one of queue_type/queue_id, issue_code_name, or rep_username may be specified. They are mutually exclusive.
| Field | Type | Required | Description |
|---|---|---|---|
type | string | Yes | Type of session to generate a key for. Currently the only supported value is support. |
queue_type | string | No | Queue type to place the session in. Allowed values: rep, team, general. Cannot be used with issue_code_name or rep_username. |
queue_id | integer | No | Numeric ID of the rep or team queue. Also accepts rep_username:[username] (if the username is unique) or issue:[issue_code_name]. See GET /user for rep IDs and GET /team for team IDs. |
issue_code_name | string | No | Routes the session to the appropriate team based on the customer's issue code name. Cannot be used with queue_type/queue_id or rep_username. |
rep_username | string (max 255) | No | Places the session in a specific rep's queue by username. Cannot be used with queue_type/queue_id or issue_code_name. |
Session Options
| Field | Type | Required | Description |
|---|---|---|---|
external_key | string (max 1024) | No | Arbitrary string linking this session to an external system identifier, such as a help desk ticket ID. |
priority | integer (1–3) | No | Session priority. 1 = high, 2 = medium, 3 = low. |
skills | array of string | No | Code names of skills to assign to the session. |
ttl | integer | No | Time in seconds the key remains valid. Defaults to the maximum session key timeout configured in the administrative interface. |
url_hostname | string | No | Hostname to use in the generated session key URL. Determines which site the session is associated with when the customer uses the URL to download the client. |
custom_fields | object | No | Key/value pairs for custom fields. Fields must be configured in /login > Configuration > Custom Fields. Max 30 fields; max 1024 characters per value. |
Customer (optional)
| Field | Type | Description |
|---|---|---|
customer.name | string (max 100) | Customer name |
customer.company | string (max 100) | Customer's company name |
customer.company_code | string (max 100) | Customer's company code |
customer.details | string (max 1024) | Description of the customer's issue |
Responses
200 OK - application/json
| Field | Type | Description |
|---|---|---|
type | string | Session type. Currently always support. |
queue_type | string | Queue type the session is placed in: rep, team, or general. |
queue_id | integer | Numeric ID of the queue. |
queue_available | boolean | true if the targeted rep is logged in, or if at least one rep is logged in for the targeted team queue (or the queue is persistent). false if no rep is available. |
ttl | integer | Time in seconds the key is valid. |
external_key | string | External system identifier linked to this session. |
short_key | string (7 chars) | Seven-character code the customer enters on your public site to start a session. |
key_url | string | URL the customer can visit to start a session. |
expires | string (date-time) | Time at which the session key expires. |
mail_subject | string | Subject line for the session key email invitation. Static text — not configurable. |
| mail_body | string | Body of the session key email invitation. Static text — not configurable. |
422 Unprocessable Entity - One or more request parameters are invalid. See 422UnprocessableEntity.
GET /session/{lsid}
GET /session/{lsid}Returns attributes for an active support session identified by {lsid}.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
lsid | string | Yes | Unique identifier for the session. See LSID. |
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Returns an array of objects describing the session's attributes. |
PATCH /session/{lsid}
PATCH /session/{lsid}Set the external key or other custom attributes for an active support session identified by {lsid}. Each field is identified by its code name as configured in /login > Configuration > Custom Fields.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
lsid | string | Yes | Unique identifier for the session. See LSID. |
Request Body - application/json
A key/value object of custom field code names and their values.
Custom Fields
- Fields must be configured in
/login > Configuration > Custom Fieldsbefore use- Maximum of 30 fields per request
- Maximum of 1024 characters per value
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Session attributes updated successfully. See MessageResponse. |
| 400 Bad Request | application/json | Too many attributes were sent in the request. See MessageResponse. |
| 404 Not Found | No active session was found with the given lsid. See 404NotFound. | |
| 422 Unprocessable Entity | One or more request parameters are invalid. See 422UnprocessableEntity. |
DELETE /session/{lsid}
DELETE /session/{lsid}Terminates an active support session identified by {lsid}.
This action immediately terminates the session for all participants. It cannot be undone.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
lsid | string | Yes | Unique identifier for the session to terminate. See LSID. |
Responses
| Status | Description |
|---|---|
| 204 No Content | Session terminated successfully. No response body is returned. |
| 404 Not Found | No active session was found with the given lsid. See 404NotFound. |
POST /session/{lsid}/transfer/team/{id}
POST /session/{lsid}/transfer/team/{id}Transfer an active session from its current rep or team queue to the team queue identified by {id}.
Path Parameters
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Session transferred successfully. See MessageResponse. |
| 404 Not Found | The session or team queue was not found. See 404NotFound. | |
| 422 Unprocessable Entity | One or more path parameters are invalid. See 422UnprocessableEntity. |
POST /session/{lsid}/transfer/user/{id}
POST /session/{lsid}/transfer/user/{id}Transfer an active session from its current rep or team queue to the Representative identified by {id}.
Path Parameters
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Session transferred successfully. See MessageResponse. |
| 404 Not Found | The session or Representative was not found. See 404NotFound. | |
| 422 Unprocessable Entity | One or more path parameters are invalid. See 422UnprocessableEntity. |
POST /session/{lsid}/add/user/{id}
POST /session/{lsid}/add/user/{id}Add a logged-in Representative to an ongoing support session.
Path Parameters
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Representative added to the session successfully. See MessageResponse. |
| 404 Not Found | The session or Representative was not found. See 404NotFound. | |
| 422 Unprocessable Entity | One or more path parameters are invalid. See 422UnprocessableEntity. |
DELETE /session/{lsid}/user/{id}
DELETE /session/{lsid}/user/{id}Remove a Representative from an ongoing support session.
Path Parameters
Responses
| Status | Description |
|---|---|
| 204 No Content | Representative removed successfully. No response body is returned. |
| 404 Not Found | The session or Representative was not found. See 404NotFound. |
| 422 Unprocessable Entity | One or more path parameters are invalid. See 422UnprocessableEntity. |
DELETE /session/{lsid}/customer
DELETE /session/{lsid}/customerRemove the customer from the session identified by {lsid}.
Removing the customer ends their participation in the session. This action cannot be undone.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
lsid | string | Yes | Unique identifier for the session. See LSID. |
Responses
| Status | Description |
|---|---|
| 204 No Content | Customer removed successfully. No response body is returned. |
| 404 Not Found | No active session was found with the given lsid. See 404NotFound. |
| 422 Unprocessable Entity | One or more path parameters are invalid. See 422UnprocessableEntity. |
Users
GET /user
GET /userGet a list of all logged-in Representatives, both normal and invited.
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Returns an array of Representative objects. |
PUT /user/{id}/status
PUT /user/{id}/statusSet the status for a Representative logged into the Representative Console.
Rep statuses and their code names are defined in
/login > Configuration > Support Teams > Rep Status.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | integer | Yes | Unique identifier for the Representative. See ObjectId. |
Request Body - application/json
| Field | Type | Required | Description |
|---|---|---|---|
code_name | string | Yes | Code name of the status to set. See CodeName. |
Example Request
json
{
"code_name": "away"
}Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Representative status updated successfully. See MessageResponse. |
| 404 Not Found | No logged-in Representative was found with the given id. See 404NotFound. | |
| 422 Unprocessable Entity | One or more request parameters are invalid. See 422UnprocessableEntity. |
POST /user/{id}/logout
POST /user/{id}/logoutForce a logged-in Representative to log out.
This immediately terminates the Representative's console session. Any sessions they are participating in may be affected.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | integer | Yes | Unique identifier for the Representative to log out. See ObjectId. |
Responses
| Status | Description |
|---|---|
| 204 No Content | Representative logged out successfully. No response body is returned. |
| 404 Not Found | No logged-in Representative was found with the given id. See 404NotFound. |
| 422 Unprocessable Entity | One or more path parameters are invalid. See 422UnprocessableEntity. |
Chat Bots
POST /chat-message/session/{lsid}
POST /chat-message/session/{lsid}Send a chat message to all members of an existing session. Messages can be sent on behalf of a session participant, such as a customer or representative, or as a system message. This endpoint is commonly used by chat bots to forward end user messages to the representative.
LoggingMessages sent via this API include a special attribute in reports indicating which API Account sent them. Session participants are unaware the message came from an API Account unless they see it sent on their own behalf.
Real-Time Chat TranslationsMessages sent via this API are not affected by the Real-Time Chat Translations feature. All messages are rendered exactly as specified in the request — no translation is performed.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
lsid | string | Yes | Unique identifier for the session. See LSID. |
Request Body - application/json
| Field | Type | Required | Description |
|---|---|---|---|
body | string (max 2048) | Yes | The message content. Supports a subset of BBCode formatting (see below). |
impersonate | string | No | The session participant the message appears to come from. If omitted, the message is rendered as a system message. See impersonation values below. |
time | string (date-time) | No | The date-time the message was originally sent. Must be in the past. Defaults to the current time. |
BBCode Formatting
| Tag | Output |
|---|---|
[b]text[/b] | Bold |
[i]text[/i] | Italic |
[u]text[/u] | Underlined |
[color=blue]text[/color] or [color=#0000FF]text[/color] | Colored text |
[ul][li]item[/li][/ul] | Unordered list |
[url]https://example.com[/url] | Hyperlink |
Impersonation Values
| Value | Description |
|---|---|
"customer" | Message appears to come from the customer in the session |
"rep:<id>" | Message appears to come from the rep with the given numeric ID |
"rep_username:<username>" | Message appears to come from the rep with the given username |
Pattern: ^(customer|rep:\d+|rep_username:\S+)$
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Message sent successfully. See MessageResponse. |
| 422 Unprocessable Entity | One or more request parameters are invalid. See 422UnprocessableEntity. |
POST /chat-message/team/{id}
POST /chat-message/team/{id}Send a chat message to a logged-in member or all members of a support team. Messages can be sent on behalf of a team member or as a system message.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | integer or string | Yes | Unique ID or code name of the destination support team. See ObjectId or CodeName. |
Request Body - application/json
| Field | Type | Required | Description |
|---|---|---|---|
body | string (max 2048) | Yes | The message content. Supports a subset of BBCode formatting (see below). |
to_rep | integer | No | User ID of the specific team member to receive the message. If provided, the message displays as a private message from the rep specified in impersonate. Requires impersonate. If omitted, the message is sent to the entire team. See ObjectId. |
impersonate | integer | No | User ID of the team member the message appears to come from. If omitted, the message is rendered as a system message. See ObjectId. |
time | string (date-time) | No | The date-time the message was originally sent. Must be in the past. Defaults to the current time. |
to_repandimpersonateare interdependent — ifto_repis provided,impersonatemust also be provided.
BBCode Formatting
| Tag | Output |
|---|---|
[b]text[/b] | Bold |
[i]text[/i] | Italic |
[u]text[/u] | Underlined |
[color=blue]text[/color] or [color=#0000FF]text[/color] | Colored text |
[ul][li]item[/li][/ul] | Unordered list |
[url]https://example.com[/url] | Hyperlink |
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Message sent successfully. See MessageResponse. |
| 422 Unprocessable Entity | One or more request parameters are invalid. See 422UnprocessableEntity. |
POST /virtual-customer
POST /virtual-customerCreates a virtual customer in BeyondTrust Remote Support and places them in a new session. This is required for chat bot integrations so that BeyondTrust Remote Support can accurately display and log chat messages forwarded by the bot on behalf of the end user.
Before You BeginYou must call
POST /session-keyfirst to obtain ashort_keybefore calling this endpoint.
Request Body - application/json
| Field | Type | Description |
|---|---|---|
short_key | string | The short_key returned from POST /session-key. |
name | string | The customer's display name. |
ip_address | string | The customer's public IP address. |
operating_system | string | The customer's operating system. |
computer_name | string | The computer name to display with the customer. |
Optional Fields
| Field | Type | Default | Description |
|---|---|---|---|
chat_url | boolean | false | If true, the response URL starts a Click-To-Chat session instead of downloading the full customer client. |
locale | string | — | Locale code for the chat bot language. The language must be installed on your appliance. To check installed languages, go to /login > Localization > Languages. |
public_site | string | tv-next-rs.qabeyondtrustcloud.com | Hostname to use in the response URL. Defaults to the primary appliance hostname. |
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Virtual customer created successfully. |
| 422 Unprocessable Entity | One or more request parameters are invalid. See 422UnprocessableEntity. |
Response status 200 OK
| Field | Type | Description |
|---|---|---|
url | string | If chat_url was true, redirects to a Click-To-Chat session. Otherwise, downloads the full customer client. |
lsid | string | Unique identifier for the newly created session. See LSID. |
Teams
GET /team
GET /teamGet a list of all configured support teams.
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Returns an array of support team objects. If no teams have been configured, an empty array is returned. |
GET /team/{id}/issue
GET /team/{id}/issueGet a list of all issues configured for the team identified by {id}.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | integer or string | Yes | Unique ID or code name of the team. See ObjectId or CodeName. |
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Returns an array of issue objects configured for the given team. If no issues have been configured, an empty array is returned. |
GET /team/{id}/member
GET /team/{id}/memberList all Representatives who are members of the team identified by {id}.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | integer or string | Yes | Unique ID or code name of the team. See ObjectId or CodeName. |
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Returns an array of Representative objects for the given team. If the team has no members, an empty array is returned. |
Failover
POST /failover-role
POST /failover-roleSet the failover role of an appliance to either primary or backup.
This is a disruptive operation. Setting
data_sync_firsttotruedisconnects all users on the existing primary appliance and blocks all other operations until the swap is complete.
Request Body - application/json
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
role | string | Yes | — | The role to assign to the appliance. Allowed values: primary or backup. |
data_sync_first | boolean | No | false | If true, performs a data sync with the peer appliance before failing over. All users on the existing primary are disconnected during the sync and no other operations are available until the swap completes. |
force | boolean | No | false | Only applicable when contacting the primary appliance and setting its role to backup. If true, the appliance becomes the backup even if the peer cannot be contacted. |
Responses
| Status | Content-Type | Description |
|---|---|---|
| 200 OK | application/json | Failover role updated successfully. See MessageResponse. |
| 422 Unprocessable Entity | One or more request parameters are invalid. See 422UnprocessableEntity. | |
| 500 Internal Server Error | application/json | The failover operation failed for an unexpected reason. See MessageResponse. |
Schemas
ObjectId
A numeric identifier used throughout the API to reference resources such as Representatives, teams, and queues.
| Property | Value |
|---|---|
| Type | integer (int32) |
| Minimum | 1 |
| Maximum | 2147483647 |
ApplianceId
A GUID that uniquely identifies an appliance.
| Property | Value |
|---|---|
| Type | string |
| Pattern | ^[0-9a-fA-F]{32}$ |
Username
The username of a Representative.
| Property | Value |
|---|---|
| Type | string |
LSID
A string that uniquely identifies a session.
| Property | Value |
|---|---|
| Type | string |
| Pattern | ^[0-9a-fA-F]{32}$ |
CodeName
The code name of a resource. Must be unique.
| Property | Value |
|---|---|
| Type | string |
| Min Length | 0 |
| Max Length | 64 |
| Pattern | ^[a-zA-Z0-9_\-]+$ |
MessageResponse
A general success or failure message returned by many endpoints.
| Field | Type | Description |
|---|---|---|
message | string | A message describing the outcome of the request. |
ErrorBagResponse
Key/value pairs returned for input validation errors. Keys are request field names; values are arrays of error messages for that field.
| Property | Value |
|---|---|
| Type | object |
IPv4Address
| Property | Value |
|---|---|
| Type | string (ipv4) |
IPv6Address
| Property | Value |
|---|---|
| Type | string (ipv6) |
Client
Base schema shared by RepConsole, AssetClient, and Gateway.
| Field | Type | Required | Description |
|---|---|---|---|
id | integer (int32, 1–2147483647) | Yes | Unique identifier for the client. Valid only while the client is connected. |
type | string | Yes | Client type. Allowed values: rep_console, asset_client, gateway. |
hostname | string | Yes | Hostname of the client machine. |
platform | string | Yes | Operating system of the client machine. |
timezone_offset | string | Yes | Number of seconds the client machine is offset from UTC. |
RepConsole
Extends Client. Represents a Representative logged into the Representative Console.
| Field | Type | Description |
|---|---|---|
user_id | integer | The Representative's ID. See ObjectId. |
user_type | string | Account type: normal or invited. |
username | string | Username assigned to the Representative. |
private_display_name | string | The Representative's private display name. |
public_display_name | string | The Representative's public display name. |
start_session_url | string | URL that can be sent to a customer to start a session with this Representative. |
showing_on_rep_list | boolean | true if the Representative appears in the public site's Representative list. |
routing_idle | boolean | true if the Representative's status is idle. |
routing_busy | boolean | true if the Representative's status is busy. |
routing_status | string | Code name of the Representative's current status. See CodeName. |
routing_available | boolean | true if the Representative is available for automatic session assignment. |
session_count | integer | Number of sessions the Representative is currently participating in. |
session_lsids | array of string | LSID for each session the Representative is currently participating in. See LSID. |
The
private_display_nameandpublic_display_namefield descriptions appear transposed in the source. Verify the correct mapping in your environment.
AssetClient
Extends Client. Represents a non-interactive client connection.
| Field | Type | Description |
|---|---|---|
non_interactive | string | Indicates the session type: shell or rdp. If the session is neither, this field is not returned. |
lsid | string | Unique identifier for the session. See LSID. |
Gateway
Extends Client. No additional fields beyond the base Client schema.
HealthBase
Returned by GET /health. Contains appliance health and failover status information.
| Field | Type | Required | Nullable | Description |
|---|---|---|---|---|
version | string | Yes | No | BeyondTrust Remote Support product version. |
build | string | Yes | No | Product build number. |
appliance_hostname | string | Yes | No | Hostname of the appliance. |
appliance_id | string | Yes | No | Hostname of the appliance. |
cluster_role | string | Yes | No | The appliance's role in a cluster. Allowed values: single, primary, traffic. |
failover_role | string | Yes | No | The appliance's role in a failover relationship. Allowed values: none, primary, backup. |
enabled_shared_ips | array | Yes | Yes | IP addresses shared between primary and backup appliances. Each entry is an IPv4Address or IPv6Address. Not returned if no shared IPs are enabled. |
last_data_sync | string (date-time) | Yes | Yes | Date and time of the last data sync. Only populated on the primary appliance; null otherwise. |
last_data_sync_status | string | Yes | Yes | Status of the last data sync. Only populated on the primary appliance; null otherwise. |
Parameters
IdParam
A reusable path parameter used across endpoints to identify a specific resource by its numeric ID.
| Property | Value |
|---|---|
| In | path |
| Type | integer |
| Required | Yes |
| Schema | ObjectId |
Responses
404NotFound
| Status | Content-Type | Description |
|---|---|---|
| 404 Not Found | application/json | The specified resource was not found. See MessageResponse. |
422UnprocessableEntity
| Status | Content-Type | Description |
|---|---|---|
| 422 Unprocessable Entity | application/json | One or more request parameters are invalid. The response body contains both a general error message and a validation error dictionary. |
| Field | Type | Description |
|---|---|---|
message | string | A general description of the error. See MessageResponse. |
errors | object | Key/value pairs where keys are field names and values are arrays of validation error messages for that field. See ErrorBagResponse. |
Example Response
json
{
"message": "Validation failed.",
"errors": {
"queue_id": ["The queue_id field must be an integer."],
"priority": ["The priority field must be between 1 and 3."]
}
}