Web SDK Getting Started - Genetec/DAP GitHub Wiki

Getting started with Security Center Web SDK

The Security Center Web SDK is an HTTP-based API that allows applications to interact with Security Center over HTTP. It provides an interface for managing entities, monitoring events, and executing operations within your Security Center system.

What is the Web SDK?

The Web SDK is a specialized Security Center role that acts as an HTTP API gateway. It allows HTTP clients to interact with Security Center using standard HTTP requests.

Key capabilities:

  • Entity management: Create, read, update, and delete Security Center entities (cardholders, credentials, visitors, access rules, etc.)
  • Real-time events: Subscribe to and receive live event streams
  • Report execution: Query and filter historical events
  • Alarm operations: Trigger and acknowledge alarms
  • Custom operations: Execute actions and macros

Architecture overview

Understanding how the Web SDK works will help you build robust integrations.

Connection flow

flowchart LR
    subgraph App[Your Application]
        A1[HTTP API calls]
        A2[JSON/XML responses]
    end

    subgraph WebSDK[Web SDK Role]
        W1[Session Management]
        W2[Query Processing]
    end

    subgraph SC[Security Center Directory]
        S1[Entity Storage]
        S2[Event System]
    end

    App -->|HTTP/HTTPS| WebSDK --> SC
Loading

How it works:

  1. Your application makes HTTP requests to the Web SDK Role
  2. Web SDK Role authenticates your requests and creates a session
  3. Session maintains a connection to Security Center and caches data for performance
  4. Security Center processes operations and returns results through the Web SDK

Important

Your application connects only to the Web SDK Role, not directly to the Security Center Directory server. The Web SDK handles all communication with Security Center on your behalf.

The Web SDK does not support cross-origin requests from browsers. Browser JavaScript cannot call the Web SDK directly. To build a browser-based application, route Web SDK requests through your own backend server acting as a proxy.

If SSL is enabled on the Web SDK role, the server presents a self-signed certificate by default. Your HTTP client will refuse to connect until you explicitly handle this. See TLS certificate for your options.

Sessions explained

When you make your first authenticated request, the Web SDK creates a session for you. This session:

  • Maintains your connection to Security Center
  • Tracks subscriptions to real-time events
  • Persists your context like creation partition settings

How sessions are identified:

Sessions are tied to the unique combination of (credentials + Application ID + Web SDK instance).

Important

Multiple client applications using the same credentials and Application ID connecting to the same Web SDK instance will share the same session.

Shared session example:

Client A: user1 + appID1 → http://server:4590/WebSdk/
Client B: user1 + appID1 → http://server:4590/WebSdk/

Result: Both clients share one session

Implications of shared sessions:

  • Settings configured by Client A (like /creationpartition) affect Client B
  • Event subscriptions from Client A are shared with Client B
  • Session timeout is reset by activity from either client
  • Both clients see the same session state

Separate sessions (load balancing):

When connecting to different Web SDK instances, sessions are completely independent:

Client A: user1 + appID1 → http://server1:4590/WebSdk/  (Session 1)
Client B: user1 + appID1 → http://server2:4590/WebSdk/  (Session 2)

Result: Two separate sessions

Session lifecycle:

Event Behavior
First request Session created, connection established to Security Center
Subsequent requests Session reused, cached data returned when available
5 minutes of inactivity Session expires and is cleaned up
Any request Resets the 5-minute inactivity timer
Event subscription with open stream Automatic keep-alive every 1 minute (session never expires)

Important

Settings like /creationpartition are session-specific. After 5 minutes of inactivity the session ends and these settings are cleared. Always call /creationpartition before operations if your session may have expired.

Authentication

The Web SDK uses HTTP Basic Authentication with a specific credential format that includes your SDK certificate.

Authentication format

Every request must include an Authorization header with the following format:

Authorization: Basic [Base64-encoded credentials]

The credentials before Base64 encoding must follow this format:

username;applicationId:password

Where:

  • username = Security Center user's username
  • applicationId = Your SDK certificate's Application ID
  • password = Security Center user's password

Requirements

User account:

  • Must be a local Security Center user (Active Directory users cannot log on to the Web SDK)
  • Must have the "Log on using the SDK" privilege enabled

SDK certificate:

  • Required for all Web SDK connections
  • Must be included in your Security Center license
  • Application ID must match your environment type:
    • Development systems: Use development certificate
    • Demo/Production systems: Use production certificate (request via DAP program)

Certificate mismatch: Using a development certificate on a production system (or vice versa) will always result in HTTP 403 Forbidden errors.

Step-by-step authentication

1. Obtain your credentials:

  • Username: apiuser
  • Password: mypassword
  • Application ID: KxsD11z743Hf5Gq9mv3+5ekxzemlCiUXkTFY5ba1NOGcLCmGstt2n0zYE9NsNimv

2. Combine into credential string:

apiuser;KxsD11z743Hf5Gq9mv3+5ekxzemlCiUXkTFY5ba1NOGcLCmGstt2n0zYE9NsNimv:mypassword

3. Base64 encode the string:

YXBpdXNlcjtLeHNEMTF6NzQzSGY1R3E5bXYzKzVla3h6ZW1sQ2lVWGtURlk1YmExTk9HY0xDbUdzdHQybjB6WUU5TnNOaW12Om15cGFzc3dvcmQ=

4. Include in HTTP header:

Authorization: Basic YXBpdXNlcjtLeHNEMTF6NzQzSGY1R3E5bXYzKzVla3h6ZW1sQ2lVWGtURlk1YmExTk9HY0xDbUdzdHQybjB6WUU5TnNOaW12Om15cGFzc3dvcmQ=

Example authentication requests

Using curl:

curl -X GET "https://server:4590/WebSdk/" \
  -H "Authorization: Basic YXBpdXNlcjtLeHNEMTF6NzQzSGY1R3E5bXYzKzVla3h6ZW1sQ2lVWGtURlk1YmExTk9HY0xDbUdzdHQybjB6WUU5TnNOaW12Om15cGFzc3dvcmQ=" \
  -H "Accept: text/json"

Important

When using curl for POST or PUT requests without a request body, include the Content-Length: 0 header. Without this header, requests will fail with HTTP 411 "Length Required" error.

curl -X POST "https://server:4590/WebSdk/action?q=UnlockDoor({door-guid})" \
  -H "Authorization: Basic ..." \
  -H "Accept: text/json" \
  -H "Content-Length: 0"

Security considerations

Credential protection:

  • Basic Authentication only Base64-encodes credentials (not encrypted)
  • Always use HTTPS in production to protect credentials in transit

Session security:

  • Sessions are tied to (credentials + Application ID + Web SDK instance) combination
  • Multiple client applications using the same credentials connecting to the same Web SDK instance will share the same session
  • Shared sessions mean shared state and shared settings (like /creationpartition)
  • Use separate user accounts or different Application IDs when session isolation is needed on the same instance

Your first API call

Let's walk through making your first Web SDK request to verify your setup.

Step 1: Test connectivity

The simplest API call tests if the Web SDK role is online:

curl -X GET "https://your-server:4590/WebSdk/" \
  -H "Authorization: Basic [your-encoded-credentials]" \
  -H "Accept: text/json"

Expected response (HTTP 200):

{
  "Rsp": {
    "Status": "Ok"
  }
}

Common errors:

  • Connection refused: Web SDK role is not running, or the firewall is blocking port 4590
  • HTTP 401: Missing Authorization header or unsupported authentication scheme
  • HTTP 403: Invalid credentials, user lacks "Log on using the SDK" privilege, or certificate type mismatch

Having connection or authentication issues? See the Troubleshooting Guide for detailed solutions.

Step 2: Query an entity

Let's retrieve information about a specific cardholder:

curl -X GET "https://your-server:4590/WebSdk/entity?q=entity={cardholder-guid},Name,FirstName,LastName,EmailAddress" \
  -H "Authorization: Basic [your-encoded-credentials]" \
  -H "Accept: text/json"

Response:

{
  "Rsp": {
    "Status": "Ok",
    "Result": {
      "Name": "John Doe",
      "FirstName": "John",
      "LastName": "Doe",
      "EmailAddress": "[email protected]"
    }
  }
}

What this demonstrates:

  • Field projection (requesting specific fields)
  • Entity querying by GUID
  • Session creation (first request creates your session)
  • Response format

Step 3: Search for entities

Search for all active cardholders whose first name contains "John":

curl -X GET "https://your-server:4590/WebSdk/report/CardholderConfiguration?q=FirstName=John,FirstNameSearchMode=Contains,AccessStatus@Active,Page=1,PageSize=10" \
  -H "Authorization: Basic [your-encoded-credentials]" \
  -H "Accept: text/json"

Response:

{
  "Rsp": {
    "Status": "Ok",
    "Result": [
      {"Guid": "12345678-1234-1234-1234-123456789abc"},
      {"Guid": "87654321-4321-4321-4321-cba987654321"}
    ]
  }
}

What this demonstrates:

  • Report endpoint usage
  • Filtering and search modes
  • Pagination
  • Returns GUIDs (use with /entity endpoint to get full details)

Response format

All Web SDK responses follow a consistent structure.

Standard response structure

{
  "Rsp": {
    "Status": "Ok|Partial|Fail|TooManyResults",
    "Result": { /* response data or error details */ }
  }
}

Status values:

Status Description
Ok Request completed successfully
Partial Request partially succeeded (e.g., in a federated system, one server did not respond)
Fail Request failed. Check the Result object for details
TooManyResults Query exceeded the result limit. For entity configuration queries, use pagination to retrieve remaining results. For activity reports, refine your search criteria (narrower time range, more specific filters) or increase MaximumResultCount

Important

The Web SDK returns HTTP 200 for most requests, including failures. Always check Rsp.Status in the response body to determine the actual result of your request. Do not rely solely on the HTTP status code.

Failure response example:

{
  "Rsp": {
    "Status": "Fail",
    "Result": {
      "SdkErrorCode": "UnableToRetrieveEntity",
      "Message": "Could not get the entity, does it exists? Guid: 00000000-0000-0000-0000-000000000099"
    }
  }
}

Content types

The Web SDK supports both JSON and XML responses. Control the format using the Accept header:

Accept Header Format Performance Recommendation
text/json JSON Fastest Use this
application/jsonrequest JSON (legacy) Slower For legacy compatibility (SC 5.7 and earlier)
text/xml XML Slower When XML required
application/xml XML Slower For legacy compatibility
*/* XML Slower Default (not recommended)

Recommendation: Always use Accept: text/json for best performance.

Note

The legacy JSON media type is application/jsonrequest, not application/json. If you send Accept: application/json, the server can fall back to XML.

HTTP status codes

The Web SDK uses HTTP status codes primarily for transport-level errors. Business logic errors return HTTP 200 with failure details in the response body.

Status Code When Returned
200 OK All successful requests and most business logic failures. Check Rsp.Status for actual result
301 Moved Permanently GET /events redirects to the streaming endpoint on the streaming port
401 Unauthorized Missing Authorization header or unsupported authentication scheme
403 Forbidden Invalid credentials, user lacks required privileges, certificate type mismatch, or license connection limit exceeded
404 Not Found Resource not found (e.g., task with unknown type or name)
411 Length Required POST or PUT request without a Content-Length header
414 URI Too Long Query string exceeds maximum URL length
500 Internal Server Error Catastrophic server error (check Web SDK role logs)

Important

The Web SDK intentionally returns HTTP 200 for most operations, even failures. This design ensures clients always receive a parseable response body with error details. Always check Rsp.Status in the response body to determine success or failure.

Web SDK role setup

Before using the Web SDK, you need to create an instance of the Web-based SDK role. The Web SDK role is the web API server.

Procedure

  1. From the Config Tool home page, open the System task and click the Roles view.

  2. Click Add an entity and select Web-based SDK.

  3. In the "Creating a role: Web-based SDK" dialog, specify the role information:

    1. Select the Server that will host the role.
    2. Click Next.
    3. Enter the Entity name.
    4. Enter the Entity description.
    5. If you use partitions, select a Partition for the role. Partitions are logical groupings used to control the visibility of entities. Only users of the specified partition can view or modify the role.
    6. Click Next.
    7. On the Creation summary page, review the information and then click Create or Back to make changes. The following message is displayed after creating the Web-based SDK role: The operation was successful.
    8. Click Close.

Configuration tabs

You configure the settings of the Web-based SDK role from the Roles view of the System task in Security Center Config Tool.

Properties tab

Click the Properties tab to configure the web API server settings.

  • Port: This port is used for API requests. The default value is 4590.
  • Streaming port: This port is used to stream real-time events. The default value is 4591.
  • Base URI: The base URL used for API requests. The default value is WebSdk.
  • Use SSL connection: When enabled, the web service address uses HTTPS instead of HTTP. Although the label mentions SSL, the Web-based SDK role only supports TLS 1.2 and newer.

TLS certificate

The Web SDK uses the same TLS certificate as the Security Center server hosting the role. By default, Security Center installs with a self-signed certificate.

Tip

To use a different TLS certificate for the Web SDK without changing the main server certificate, host the Web SDK role on a dedicated expansion server and configure that server with the desired certificate through Server Admin.

TLS version requirements:

  • Minimum version: TLS 1.2
  • Not supported: TLS 1.0, TLS 1.1

Clients must support TLS 1.2 or newer to connect to the Web SDK over HTTPS.

Self-signed certificate behavior

Warning

If SSL is enabled, your client will almost certainly fail to connect on the first attempt. This is not a bug. Read this section before writing any connection code.

Because the default certificate is self-signed, no public Certificate Authority has verified it. Every HTTP client, whether it is a mobile app, a Python script, a Java application, or a .NET service, refuses to connect to a server presenting an untrusted certificate. The connection fails before any data is exchanged.

This is expected behavior. It is not a problem with Security Center. It requires a deliberate configuration step on your side before you can connect.

Option 1: Disable certificate verification in your HTTP client

Every HTTP client has a setting to skip certificate verification. Use this only on a private, isolated network.

curl:

curl -k https://YOUR-SERVER:4590/WebSdk/

Python:

requests.get("https://YOUR-SERVER:4590/WebSdk/", verify=False)

C# (.NET):

var handler = new HttpClientHandler();
handler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true;
var client = new HttpClient(handler);

Java:

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[]{new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] chain, String authType) {}
    public void checkServerTrusted(X509Certificate[] chain, String authType) {}
    public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
}}, new SecureRandom());
HttpClient client = HttpClient.newBuilder().sslContext(sslContext).build();

Node.js:

const https = require("https");
const agent = new https.Agent({ rejectUnauthorized: false });
fetch("https://YOUR-SERVER:4590/WebSdk/", { agent });

Note

Disabling certificate verification means your client will not verify the identity of the server. If your network is exposed to the internet, consider installing the certificate in your trusted store or replacing it with a CA-signed certificate instead.

Option 2: Install the Security Center certificate in your client's trusted store

Export the certificate from the Security Center server and install it in the trusted certificate store on every machine that connects to the Web SDK. Once installed, your HTTP client treats the certificate as trusted and connects without errors.

Installing the certificate on the Security Center server does not make client machines trust it. It must be installed on each connecting device, or distributed through a device management tool.

Option 3: Replace the default certificate with a CA-signed certificate

Replace the default self-signed certificate on the Security Center server with one issued by a trusted Certificate Authority. The TLS certificate is configured through Server Admin on the machine hosting the Security Center server. Once replaced, clients connect without any additional configuration.

Common certificate error messages

If your client throws one of these errors, the cause is the untrusted certificate. The fix is on your side, not on the server.

  • SSL certificate problem: self-signed certificate
  • SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.
  • The remote certificate is invalid according to the validation procedure
  • NET::ERR_CERT_AUTHORITY_INVALID
  • Your connection is not private

Endpoint format

The configuration values determine the URL that applications use to connect to the Web SDK:

https://{server}:{port}/{base-uri}/
  • {server} is the hostname or IP address of the server hosting the Web SDK role.
  • {port} is the API port (default 4590).
  • {base-uri} is the base URI (default WebSdk).

For example:

  • Without TLS: http://{server}:4590/WebSdk/

  • With TLS enabled: https://{server}:4590/WebSdk/

Security recommendation: Always use HTTPS (TLS) in production environments to protect authentication credentials and sensitive data.

Note

The base URI is required. Requests to http://server:4590/ without the base URI path return HTTP 404 Not Found.

Resources tab

Click the Resources tab to configure the servers assigned to this role.

  • Servers: Defines which servers host the Web-based SDK role. You can assign one or more servers to provide failover capability.

SDK connection licensing

Your Security Center license specifies the number of concurrent SDK connections allowed. Understanding how connections are counted is critical for license compliance and capacity planning.

How connections are counted:

Each unique combination of (credentials + Application ID + Web SDK instance) counts as one concurrent connection against your license.

Important

The same user + Application ID connecting to different Web SDK instances counts as multiple connections.

Example scenarios:

  1. Multiple clients, same credentials, same Web SDK instance:

    Client A: user1 + appID1 → http://server:4590/WebSdk/
Client B: user1 + appID1 → http://server:4590/WebSdk/

Total = 1 connection (shared session)

    Both clients share the same session.

  2. Single client, load balancing across 3 Web SDK instances:

    user1 + appID1 → http://server1:4590/WebSdk/ = 1 connection
user1 + appID1 → http://server2:4590/WebSdk/ = 1 connection
user1 + appID1 → http://server3:4590/WebSdk/ = 1 connection

Total = 3 connections (separate sessions)

    Even though you're using the same credentials, each Web SDK instance has its own session.

  3. Different users on the same instance:

    user1 + appID1 → http://server:4590/WebSdk/ = 1 connection
user2 + appID1 → http://server:4590/WebSdk/ = 1 connection

Total = 2 connections (separate sessions)

  4. Different Application IDs on the same instance:

    user1 + appID1 → http://server:4590/WebSdk/ = 1 connection
user1 + appID2 → http://server:4590/WebSdk/ = 1 connection

Total = 2 connections (separate sessions)

Session and connection comparison:

Scenario Sessions Connections
2 clients, same credentials, same instance 1 shared 1
2 clients, same credentials, different instances 2 separate 2
2 clients, different users, same instance 2 separate 2
2 clients, different Application IDs, same instance 2 separate 2

License capacity planning:

If your license allows 5 concurrent SDK connections, you can have up to 5 different (user + Application ID + Web SDK instance) combinations connected simultaneously.

Load balancing impact:

When implementing load balancing with multiple Web SDK instances:

  • Each instance connected with the same credentials consumes one license connection
  • If you load balance across 3 instances with the same user + Application ID, you consume 3 connections
  • Plan your license capacity accordingly when deploying multiple Web SDK instances

Connection limit exceeded:

When the license connection limit is reached, new connection attempts will fail with HTTP 403 Forbidden.

Example:

  • License allows 5 concurrent connections
  • 5 connections are currently active
  • A 6th connection attempt returns HTTP 403

High availability and load balancing

Security Center supports role failover and multiple Web SDK instances for high availability and scalability. However, it is critical to understand that your client application is responsible for managing connections in both scenarios.

Failover

How failover works:

Role failover is a backup operating mode managed by the Security Center Directory. When you assign multiple servers to a Web SDK role:

  1. Primary server - The role normally runs on this server
  2. Secondary servers - Standby servers that can take over if the primary fails
  3. Automatic switchover - When the primary server goes down (failure or maintenance), the Directory automatically transfers the role to the next available secondary server in the failover list

Important

Security Center does NOT automatically redirect your API requests to the failover server. When failover occurs:

  • The Directory switches the role to a secondary server
  • Your client application must detect the connection failure
  • Your client application must reconnect to the new active server
  • There is no automatic request redirection

Implementation requirements:

Your client application must implement:

  • Connection retry logic to detect when the primary server is unavailable
  • Discovery mechanism to identify which server is currently hosting the active role
  • Automatic reconnection to the new active server
  • Session re-establishment (re-authentication, re-subscribe to events, etc.)

Load balancing

Multiple Web SDK role instances:

For scalability, you can create multiple independent Web-based SDK roles in the same Security Center system:

  • Same server with different ports:

    • Role 1: http://server:4590/WebSdk/
    • Role 2: http://server:4591/WebSdk/
    • Role 3: http://server:4592/WebSdk/

  • Different expansion servers:

    • Role 1: http://server1:4590/WebSdk/
    • Role 2: http://server2:4590/WebSdk/
    • Role 3: http://server3:4590/WebSdk/

  • Combination of both:

    • Role 1: http://server1:4590/WebSdk/
    • Role 2: http://server1:4591/WebSdk/
    • Role 3: http://server2:4590/WebSdk/

Important

Security Center does NOT automatically distribute or load balance requests across multiple Web SDK roles. Each role is completely independent. Your client application must:

  • Decide which Web SDK role instance to connect to
  • Distribute requests across multiple instances (if desired)
  • Implement your own load balancing strategy (round-robin, least-connections, etc.)
  • Manage separate sessions for each role instance

Summary

Feature What Security Center Does What Your Client Must Do
Failover Directory automatically switches role to secondary server when primary fails Detect connection failure, discover new active server, reconnect, and re-authenticate
Load Balancing Nothing - each Web SDK role is independent Choose which role instance to connect to, distribute requests, implement load balancing strategy

Key takeaway: Security Center provides the infrastructure (failover mechanism, multiple role support), but your client application is responsible for all connection management and request distribution logic.

Rate limiting

The Web SDK does not implement rate limiting. Your request throughput is limited only by:

  • Network bandwidth
  • Web SDK server resources (CPU, memory)
  • Security Center Directory capacity

Tools and resources

Postman collection

We provide a comprehensive Postman collection with example requests for all Web SDK endpoints:

Documentation: https://documenter.getpostman.com/view/26277955/2s9YeK5VtN

The collection includes:

  • Pre-configured authentication
  • Examples for all endpoint categories
  • Request templates you can customize
  • Collection variables for easy configuration

Testing tools

Recommended tools:

  • Postman - Full-featured API client with collection support
  • curl - Command-line testing and scripting

Next steps

Now that you understand the basics, explore these topics:

Web SDK endpoint reference

The Security Center Web SDK provides multiple endpoint categories for different operations. This reference shows all available endpoints organized by functional area.

Entity endpoints

Endpoint Method Purpose
/entity/exists/{id} GET Check if entity exists
/entity/{id} GET Get complete entity data
/entity/basic/{id} GET Get basic entity properties only
/entity?q={query} GET/POST Read, create, update and execute actions
/entity/{id} DELETE Delete entity

Events endpoints

Endpoint Method Purpose
/events GET Redirects to the streaming endpoint on the streaming port
/events/subscribe?q={query} GET Subscribe to events
/events/subscribed GET List current subscriptions
/events/unsubscribe?q={query} GET Unsubscribe from events
/events/closeconnection/{connectionId} POST Close streaming connection
/events/RaiseEvent/{eventType}/{entityId} POST Raise system event
/events/RaiseCustomEvent/{customEventId}/{entityId}/{message} POST Raise custom event
/events/alarmMonitoring/{onOrOff} POST Toggle alarm monitoring

Alarm endpoints

Endpoint Method Purpose
/alarm?q={query} GET Trigger alarms, acknowledge, check status
/activealarms GET Get list of active alarms

Report endpoints

Endpoint Method Purpose
/report/{reportType}?q={query} GET Execute reports with filters

Task operations

Endpoint Method Purpose
/tasks/public GET Get public saved tasks
/tasks/private GET Get private saved tasks
/tasks/execute/{guid} POST Execute saved task by GUID
/tasks/public/execute/{taskType}/{taskName} POST Execute public saved task
/tasks/private/execute/{taskType}/{taskName} POST Execute private saved task

Action endpoints

Endpoint Method Purpose
/action?q={query} POST Execute action manager operations

Macro endpoints

Endpoint Method Purpose
/activemacros GET Get running macros list
/activemacrosdetails GET Get detailed running macros info

Incident endpoints

Endpoint Method Purpose
/incident?q={query} PUT Create incidents
/incident?q={query} GET Read incidents
/incident/{incidentGuid} GET Get specific incident

Custom field endpoints

Endpoint Method Purpose
/customField/{entityId}/{customFieldName} GET Get custom field value
/customField/{entityId}/{customFieldName}/{value} PUT Set custom field value
/customField/{entityType}/{customFieldName}/{dataType}/{defaultValue} POST Create custom field
/customField/{entityType}/{customFieldName}/Encrypt/{dataType}/{defaultValue} POST Create encrypted custom field
/customField/{entityType}/{customFieldName} DELETE Delete custom field

Configuration operations

Endpoint Method Purpose
/ GET Test service online status
/GetWebTokenEncoded GET Get encoded web token
/GetWebTokenDecoded GET Get decoded web token
/creationpartition/{partitionIds} POST Set default creation partitions
/ignoreremoteexception/{state} POST Configure exception handling

CustomEntityType endpoints

Endpoint Method Purpose
/customEntityType/all GET Get all custom entity types
/customEntityType/{customEntityTypeDescriptorId} GET Get specific custom entity type
/customEntityType/{customEntityTypeDescriptorId} DELETE Delete custom entity type

Custom card format endpoints

Endpoint Method Purpose
/customCardFormats/all GET Get all custom card formats
/customCardFormats/getByName/{name} GET Get card format by name
/customCardFormats/getByFormatId/{formatId} GET Get card format by format ID
/customCardFormats/getById/{id} GET Get card format by ID
/customCardFormats/add POST Create new custom card format
/customCardFormats/updateByName/{name} PUT Update card format by name
/customCardFormats/updateByFormatId/{formatId} PUT Update card format by format ID
/customCardFormats/updateById/{id} PUT Update card format by ID
/customCardFormats/deleteByName/{name} DELETE Delete card format by name
/customCardFormats/deleteByFormatId/{formatId} DELETE Delete card format by format ID
/customCardFormats/deleteById/{id} DELETE Delete card format by ID
/customCardFormats/exportByName/{name} POST Export card format XML by name
/customCardFormats/exportByFormatId/{formatId} POST Export card format XML by format ID
/customCardFormats/exportById/{id} POST Export card format XML by ID

License usage endpoints

Endpoint Method Purpose
/licenseItemUsage GET Get license usage information
/licenseItemUsage/{name} GET Get specific license item usage
⚠️ **GitHub.com Fallback** ⚠️