
Authenticate against Microsoft Partner Center API using PowerShell

  • 07/09/2017 | 07/01/2025
  • by Martin Ehrnst

Update 04.01.2019:
While the method described in this post still works, Microsoft is moving to what they call the secure app model, meaning that password grant is deprecated and you will need to use a refresh token model. I have written a new blog post explaining the new model.

If you’re not familiar with the Microsoft Cloud Service Provider program, it is in short a program that makes it easier for service providers to manage their customers’ tenants and subscriptions within Azure and Office 365 from a centralized platform.

Apart from a very limited web portal, it has a set of APIs and SDKs to build your own solutions, which I assume is preferred by Microsoft and the service provider. For a project I needed to authenticate against the REST API using PowerShell and then retrieve some information about each tenant. Who would have thought that could be so much work?

Here’s what I said.

That’s fine, I will have it to you in an hour.

For your reference, this is the API I am working with: Partner Center Swagger

An hour later I did have authentication in place, but I was unable to retrieve any information from our customers. After digging through the documentation I found that the customer endpoints required “App + User Authentication” where I had only authenticated with AppId and App Secret.

After spending too much time deciphering the C# examples on how you authenticate with app and user against the CSP REST API, I finally had a working PowerShell function.

These are the steps required

  • Generate a token from Azure AD by calling https://login.microsoft.com/tenant-name/oauth/token
    • Specify the resource you want to access (Partner Center API), client id, username and password, the correct grant type and scope
  • Use the AAD token to authenticate against partnercenter/generatetoken and receive a correct User + App jwt_token
  • Use the jwt token to authenticate further against the endpoints you prefer

If you ever find yourself in a situation where you need to authenticate against the CSP REST API as app + user, here is a function to do it.

Be aware that the function does require a credential object, but when you authenticate against AAD the password is decoded and sent in the POST request.
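
The three steps above in PowerShell, as an added example (this is not the author's function, which is not reproduced on this page). It assumes a native app registration with no client secret, the Azure AD v1 token endpoint on login.microsoftonline.com, and the Partner Center endpoints under https://api.partnercenter.microsoft.com; the function name, tenant name and app id are placeholders.

```powershell
function Get-PartnerCenterUserToken {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $TenantName,        # placeholder, e.g. contoso.onmicrosoft.com
        [Parameter(Mandatory)] [string] $ClientId,          # app id of a native app (assumption)
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    $resource = 'https://api.partnercenter.microsoft.com'

    # Step 1: Azure AD token via password grant (deprecated, see the update at the top of the post).
    # GetNetworkCredential() decodes the SecureString, so the password is clear text in this body.
    $aadBody = @{
        resource   = $resource
        client_id  = $ClientId
        grant_type = 'password'
        username   = $Credential.UserName
        password   = $Credential.GetNetworkCredential().Password
        scope      = 'openid'
    }
    try {
        $aad = Invoke-RestMethod -Method Post -Body $aadBody `
            -Uri "https://login.microsoftonline.com/$TenantName/oauth2/token"
    }
    finally {
        $aadBody.Remove('password')   # drop the clear-text reference once the request is sent
    }

    # Step 2: exchange the AAD token for a Partner Center app + user token.
    $pc = Invoke-RestMethod -Method Post -Uri "$resource/generatetoken" `
        -Headers @{ Authorization = "Bearer $($aad.access_token)" } `
        -Body @{ grant_type = 'jwt_token' }

    # Return only what callers need; keep the token out of logs and transcripts.
    [pscustomobject]@{
        AccessToken = $pc.access_token
        ExpiresOn   = (Get-Date).AddSeconds([int]$pc.expires_in)
    }
}

# Step 3: use the token against a customer endpoint.
$cred      = Get-Credential
$token     = Get-PartnerCenterUserToken -TenantName 'contoso.onmicrosoft.com' -ClientId '<app-id>' -Credential $cred
$customers = Invoke-RestMethod -Uri 'https://api.partnercenter.microsoft.com/v1/customers' `
    -Headers @{ Authorization = "Bearer $($token.AccessToken)" }
$customers.items | Select-Object id, @{ n = 'Domain'; e = { $_.companyProfile.domain } }
```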


Update: SCOM web API

  • 02/06/2017 | 07/01/2025
  • by Martin Ehrnst

Big updates:

I have made a lot of changes to the SCOM web API, as you can see from the picture above. Maintenance scheduling is added, which means you can create a new maintenance schedule in SCOM 2016. To the computer endpoints I have added the possibility to get detailed information. This will list all objects related to the server: logical disks, network cards, etc.

These are the API endpoints available at the moment:

Agents

Route                   Description
[GET] API/Agents        Gets all agents
[GET] API/Agents/{id}   Get a single agent

Alerts

Route                            Description
[GET] API/Alerts                 Gets all open alerts
[GET] API/Alert/{id}             Get a single alert
[PUT] API/Alert                  Update the specified alert with resolution state, TicketId
[GET] API/Alert/{ComputerName}   Get all alerts from a specific computer; use IncClosed=true to include open and closed alerts

Computer

Route                                                Description
[GET] API/Computer/Windows                           Get all Windows computers with basic properties
[GET] API/Computer/Windows/{ComputerName}            Get a single Windows computer with basic properties
[GET] API/Computer/Windows/{ComputerName}/Detailed   Get a single Windows computer with hosted child objects

[GET] API/Computer/Linux                             Get all Linux computers with basic properties
[GET] API/Computer/Linux/{ComputerName}              Get a single Linux computer with basic properties
[GET] API/Computer/Linux/{ComputerName}/Detailed     Get a single Linux computer with hosted child objects

Maintenance

Route                            Description
[POST] API/ComputerMaintenance   Put the specific computer object and all its children in maintenance mode
[POST] API/ObjectMaintenance     Put the specific monitoring object and all its children in maintenance mode
[POST] API/MaintenanceSchedule   Create a new maintenance schedule. SCOM 2016 ONLY

Object

Route                            Description
[GET] API/MonitoringObject/{id}  Get a monitoring object and all its child objects

 

Examples

Create a new maintenance schedule by sending a POST to /API/MaintenanceSchedule with a body that includes the object id, the start and end dates in UTC, and optionally a comment.

#CREATE A MAINTENANCE SCHEDULE WITH TWO OBJECTS. Time in UTC

$body = @"
{
  "scheduleName": "new maintenance schedule",
  "id": "a43a5b09-5c32-8624-1427-73b8e1f05248",
  "StartTime": "2017-05-30T13:53:33.550Z",
  "EndTime": "2017-05-30T14:53:33.550Z",
  "comment": "TicketID"
}
"@


Invoke-RestMethod -Uri 'http://localhost:64049/API/MaintenanceSchedule' -Method Post -Body $body -UseDefaultCredentials -ContentType 'Application/json'

Get details/related object from a computer:

Invoke-RestMethod -Uri 'https://host/API/Computer/windows/computer.fqdn/Detailed' -UseDefaultCredentials

Which will return something like this. Notice the relatedObjectsCount and relatedObjects


Web API for System Center Operations Manager

  • 05/05/2017 | 07/01/2025
  • by Martin Ehrnst

The SCOM web API is updated, see this post

You will always find the latest SCOM Web API release on GitHub

 

System Center Operations Manager (SCOM) is a widely used monitoring platform, and one of its advantages is the ability to custom-author monitoring through management pack development.
With a ‘cloud first’ approach, most systems are able to exchange information or integrate through a web-based API, often referred to as a REST API. SCOM has many ways to exchange information, and the System Center suite also has an integration platform called System Center Service Provider Foundation (SPF), which you can read more about here

To support a more lightweight integration platform, I decided to start my first C# project and develop a web-based API for SCOM that supported the daily used “functions”. Thanks to my colleague @RudiMartinsen, I managed to create a working solution.

API Endpoints

  • [GET] Agents (Admin privileges required)
    • Get all agents
    • single based on Guid
  • [GET] Alerts
    • Gets all alerts
    • single based on Guid
    • Single based on ComputerName
      • Include ‘closed’ with IncClosed=true
  • [PUT] Alerts
    • Update a single alert with resolution state and/or ticket id
    • Monitor-generated alerts will be reset if 255 (closed) is sent as resolution state
  • [GET] WindowComputers
    • Get all partial monitoring object from the Windows Computer class
    • Single based on ComputerName
  • [POST] ComputerMaintenance*
    • Put a Windows Computer in maintenance mode for a specific number of minutes
  • [GET] MonitoringObject/{id}
    • Get a single monitoring object based on ID (Guid)

I have uploaded the source project on GitHub and hopefully our community can continue to develop and introduce new features missing in this release.

 

Installation

There are two versions of the API: one without user impersonation and one where this is available. To install the version with user impersonation enabled, do the following on a SCOM management server:

  • Download the project or .zip file from GitHub
  • Copy the required .dll from your management server (\Operations Manager\Server\SDK Binaries) to the web api Bin folder
    • Microsoft.EnterpriseManagement.Core.dll
    • Microsoft.EnterpriseManagement.OperationsManager.dll
    • Microsoft.EnterpriseManagement.Runtime.dll
  • Create a new web site and set physical path to where you extracted the files
  • Enable windows authentication (and basic if you want)
  • Set your Application pool to use network service identity
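
The installation steps above as a script, added here as an example and not taken from the project. It assumes the WebAdministration module on the management server; the site name, port and extraction path are placeholders, and the SDK Binaries folder is passed in because the page gives only its trailing path. Anonymous access is switched off so every request carries a Windows identity, and Basic is left off because it sends reversible credentials unless the site is bound to HTTPS.

```powershell
#Requires -RunAsAdministrator
param(
    [Parameter(Mandatory)] [string] $SdkBinaries,   # full path ending in \Operations Manager\Server\SDK Binaries
    [string] $SitePath = 'C:\inetpub\ScomWebApi',   # placeholder: where the GitHub download was extracted
    [string] $SiteName = 'ScomWebApi',              # placeholder site and app pool name
    [int]    $Port     = 8080                       # placeholder port
)
Import-Module WebAdministration

# Copy the three SDK assemblies listed above into the web API's Bin folder.
$dlls = 'Microsoft.EnterpriseManagement.Core.dll',
        'Microsoft.EnterpriseManagement.OperationsManager.dll',
        'Microsoft.EnterpriseManagement.Runtime.dll'
foreach ($dll in $dlls) {
    Copy-Item -Path (Join-Path $SdkBinaries $dll) -Destination (Join-Path $SitePath 'Bin') -ErrorAction Stop
}

# Dedicated application pool running as Network Service.
New-WebAppPool -Name $SiteName | Out-Null
Set-ItemProperty "IIS:\AppPools\$SiteName" -Name processModel.identityType -Value 2   # 2 = NetworkService

# New web site pointing at the extracted files.
New-Website -Name $SiteName -PhysicalPath $SitePath -ApplicationPool $SiteName -Port $Port | Out-Null

# Windows authentication on, anonymous off.
$auth  = '/system.webServer/security/authentication'
$modes = @{ windowsAuthentication = $true; anonymousAuthentication = $false }
foreach ($mode in $modes.Keys) {
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $SiteName `
        -Filter "$auth/$mode" -Name enabled -Value $modes[$mode]
}

# Read the settings back so a failed change is visible immediately.
foreach ($mode in $modes.Keys) {
    $enabled = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $SiteName `
        -Filter "$auth/$mode" -Name enabled).Value
    '{0,-24} enabled = {1}' -f $mode, $enabled
}
```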

 

Examples

Here are a few examples of how you can use the API from PowerShell.

Get Alerts
#Get all alerts
Invoke-RestMethod -Uri 'http://localhost:64049/Api/alerts' -UseDefaultCredentials

#Get a single alert
Invoke-RestMethod -Uri 'http://localhost:64049/Api/alerts?id=4a6f29e3-f4b5-4883-a3f2-97eb3be50c12' -UseDefaultCredentials

#Get alerts specified with computername
Invoke-RestMethod -Uri 'http://localhost:64049/Api/alerts?ComputerName=COMPUTERNAME.fqdn' -UseDefaultCredentials

Put a computer into maintenance

$json = @"
{
    "DisplayName": "COMPUTERNAME.fqdn",
    "Minutes": 10,
    "comment": "I believe this is working"
}
"@

Invoke-RestMethod -Method POST -Uri 'http://localhost:64049/API/ComputerMaintenance' -Body $json -UseDefaultCredentials -ContentType 'Application/json'

Returns

DisplayName           Minutes EndTime                      comment                  
-----------           ------- -------                      -------                  
COMPUTER NAME.fqdn      10 2017-05-05T08:42:56.5938294Z I believe this is working

Get a monitoring object

#Get a monitoring object
Invoke-restmethod -uri 'http://localhost:64049/API/MonitoringObject/cb191c1a-47dc-3c51-3686-9f66dd59f187' -UseDefaultCredentials


displayName : D:
healthState : Success
inMaintenance : False
stateLastModified : 23.03.2017 15.39.23
classes :
path : MyComputerHostingThisDisk.fqdn

 

Limitations*

  • SCOM .dll files will need to be copied manually into the web API application folder, as I assume I'm not allowed to redistribute these.
