API Reference

SlimRMM provides a comprehensive REST API for integration with your tools and workflows.

Base URL

All API endpoints are prefixed with /api/v1/:

https://your-server.com/api/v1/

Authentication

Bearer Token

Most endpoints require JWT authentication:

bash

curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  https://your-server.com/api/v1/agents/

Obtaining Tokens

bash

# Login
curl -X POST https://your-server.com/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"username": "admin", "password": "your_password"}'

# Response
{
  "access_token": "eyJ...",
  "refresh_token": "eyJ...",
  "token_type": "bearer"
}

Refreshing Tokens

bash

curl -X POST https://your-server.com/api/v1/auth/refresh \
  -H "Authorization: Bearer YOUR_REFRESH_TOKEN"

Response Format

All responses are JSON:

json

{
  "data": { ... },
  "message": "Success",
  "status": "ok"
}

Error Response

json

{
  "detail": "Error message",
  "status": "error",
  "code": "ERROR_CODE"
}

HTTP Status Codes

Code	Description
200	Success
201	Created
400	Bad Request
401	Unauthorized
403	Forbidden
404	Not Found
422	Validation Error
429	Rate Limited
500	Server Error

Rate Limiting

Default: 60 requests per minute per IP.

Headers returned:

X-RateLimit-Limit: Maximum requests
X-RateLimit-Remaining: Remaining requests
X-RateLimit-Reset: Reset timestamp

Pagination

List endpoints support pagination:

bash

GET /api/v1/agents/?page=1&per_page=50

Response includes:

json

{
  "items": [...],
  "total": 150,
  "page": 1,
  "per_page": 50,
  "pages": 3
}

Filtering & Sorting

bash

# Filter by status
GET /api/v1/agents/?status=online

# Sort by field
GET /api/v1/agents/?sort_by=hostname&sort_order=asc

# Search
GET /api/v1/agents/?search=web-server

API Endpoints Overview

Authentication

POST /auth/login - User login
POST /auth/refresh - Refresh token
POST /auth/logout - Revoke tokens
POST /auth/forgot-password - Password reset

Agents

GET /agents/ - List agents
GET /agents/{uuid} - Get agent details
POST /agents/register - Register new agent
POST /agents/{uuid}/action - Execute action
DELETE /agents/{uuid} - Remove agent

Policies (Patch Management)

GET /policies/ - List policies
POST /policies/ - Create policy
PUT /policies/{id} - Update policy
DELETE /policies/{id} - Delete policy
POST /policies/{id}/execute - Execute policy

Scripts

GET /scripts/ - List scripts
POST /scripts/ - Create script
POST /scripts/{id}/execute - Execute script

Users

GET /users/ - List users
POST /users/ - Create user
PUT /users/{id} - Update user
DELETE /users/{id} - Delete user

Integrations

GET /integrations/ - List integrations
PUT /integrations/smtp - Configure SMTP
PUT /integrations/pushover - Configure Pushover

Interactive Documentation

When running in debug mode, interactive docs are available:

Swagger UI: https://your-server.com/docs
ReDoc: https://your-server.com/redoc
OpenAPI JSON: https://your-server.com/openapi.json

SDK & Libraries

Python

python

import requests

class SlimRMMClient:
    def __init__(self, base_url, username, password):
        self.base_url = base_url
        self.session = requests.Session()
        self._login(username, password)

    def _login(self, username, password):
        response = self.session.post(
            f"{self.base_url}/api/v1/auth/login",
            json={"username": username, "password": password}
        )
        token = response.json()["access_token"]
        self.session.headers["Authorization"] = f"Bearer {token}"

    def get_agents(self, **params):
        return self.session.get(
            f"{self.base_url}/api/v1/agents/",
            params=params
        ).json()

# Usage
client = SlimRMMClient("https://rmm.example.com", "admin", "password")
agents = client.get_agents(status="online")

JavaScript/TypeScript

typescript

class SlimRMMClient {
  private baseUrl: string;
  private token: string | null = null;

  constructor(baseUrl: string) {
    this.baseUrl = baseUrl;
  }

  async login(username: string, password: string): Promise<void> {
    const response = await fetch(`${this.baseUrl}/api/v1/auth/login`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ username, password })
    });
    const data = await response.json();
    this.token = data.access_token;
  }

  async getAgents(): Promise<Agent[]> {
    const response = await fetch(`${this.baseUrl}/api/v1/agents/`, {
      headers: { 'Authorization': `Bearer ${this.token}` }
    });
    return response.json();
  }
}

Next Steps

Authentication - Detailed auth documentation
Agents API - Agent management endpoints
Policies API - Patch policy endpoints
WebSocket API - Real-time communication

API Reference ​

Base URL ​

Authentication ​

Bearer Token ​

Obtaining Tokens ​

Refreshing Tokens ​

Response Format ​

Error Response ​

HTTP Status Codes ​

Rate Limiting ​

Pagination ​

Filtering & Sorting ​

API Endpoints Overview ​

Authentication ​

Agents ​

Policies (Patch Management) ​

Scripts ​

Users ​

Integrations ​

Interactive Documentation ​

SDK & Libraries ​

Python ​

JavaScript/TypeScript ​

Next Steps ​

API Reference

Base URL

Authentication

Bearer Token

Obtaining Tokens

Refreshing Tokens

Response Format

Error Response

HTTP Status Codes

Rate Limiting

Pagination

Filtering & Sorting

API Endpoints Overview

Authentication

Agents

Policies (Patch Management)

Scripts

Users

Integrations

Interactive Documentation

SDK & Libraries

Python

JavaScript/TypeScript

Next Steps