This article will encompass all portalAPI calls that are related to /portalAPI/Computer/* endpoints
Be sure to input the instance your organization exists on for each call. This is indicated with the "INSTANCE" text in each endpoint. Linked here is a KB to find your instance:
Locating Your Organization's Instance | ThreatLocker Help Center
ComputerGetByAllParameters
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerGetByAllParameters
- Method: POST
- Description: This API gets all computers based on everything displayed on the Computers page. This is useful for displaying all the computers for an organization and their information and can include child organizations as well. Various parameters are described below that can be changed to search and sort much like you can on the Computers page itself in the portal.
- Description of what the body expects in each field.
- Action: Narrows the search to just the computers in the entered computer mode.
- Expects one of the following for viewing computer modes:
- Secure | Installation | Learning | MonitorOnly
- Expects one of the following for viewing the update channels for computers in addition to the "KindOfAction": "Update Channel":
- Manual Update | Pre-Releases | Regular | Expedited | Slow and Steady
- Expects one of the following for viewing computer modes:
- childOrganizations: Will determine whether the computers from all child organizations will be returned or not. When set to true, all computers from all child organizations, including grandchild organizations, will be returned.
- Expects: true or false
- computerGroup: If left as "computerGroup" : "00000000-0000-0000-0000-000000000000", this will return all computers according to the other parameters passed in. However, if looking for a specific computer group, the specific computerGroupId can be entered and only computers from the selected computer group will be returned. Multiple computerGroupId values cannot be entered.
- Expects a GUID in this format: "00000000-0000-0000-0000-000000000000"
- computerId: If left as "computerId" : "00000000-0000-0000-0000-000000000000", all computers as per the other parameters will be returned. However, if looking for a specific computer, the specific computerId can be entered and only the computer matching the computerId will be returned. Multiple computerId values cannot be entered.
- Expects a GUID in this format: "00000000-0000-0000-0000-000000000000"
- isAscending: Determines the order the computers are returned in the response. “IsAscending” : true will return the list in alphabetical order (A-Z), “IsAscending” : false will return the list alphabetical order (Z-A).
- Expects: true or false
- kindOfAction: Typically used in conjunction with the "Action" field.
- Expects one of the following: TamperProtectionDisabled | NeedsReview | ReadyToSecure | BaselineNotUploaded | Update Channel
- orderBy: Orders the computers that are returned based on what the input is from the below options.
- Expects one of the following: computername | group | action | lastcheckin | computerinstalldate | deniedcountthreedays | updatechannel | threatlockerversion
- pageNumber and pageSize: This value determines how many computers will be returned as if the response was on the Computers page. However, this field does not follow the same conventions of the pageNumber and pageSize values as the portal does (pageSize in the portal is 25, 50, 100, 500). Any valid integer can be entered and it will return in the selected formatting. For instance, if there are 5 computers to be returned but “pageNumber” : 1 and “pageSize” : 2, 2 entries will be returned per page and the first two computers will be shown.
- Expects: An Integer value.
- searchText: This can be utilized like the search bar for your call like the search bar on the Computers page itself. This can be used to find a specific hostname or part of a hostname can be entered to find a computer, an organization’s computers, a computer group name, the IP address that your computers are utilizing, etc. Anything that can be searched on the Computers page can be entered in this field and returned.
- Expects: Any text input
- Action: Narrows the search to just the computers in the entered computer mode.
- Description of what the body expects in each field.
- Required body/parameters
- Requires valid APIKey/Authorization Token in header
- Required body:
{
"pageNumber" : 1,
"pageSize" : 25
}
- Optional body/parameters
- Optional body:
{
"action" : "",
"childOrganizations" : false,
"computerGroup" : "00000000-0000-0000-0000-000000000000",
"computerId" : "00000000-0000-0000-0000-000000000000",
"isAscending" : true,
"kindOfAction" : "",
"orderBy" : "computername",
"pageNumber" : 1,
"pageSize" : 25,
"searchText" : "",
}
- Permissions
- Edit Computers
- View Computers
- Install Computers
ComputerGetForEditById
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerGetForEditById
- Method: GET
- Description: This API gets all computer details for an individually selected computer, passing in the computerId as a string. This is good for pulling the information for a select computer based on its ID. This pulls all the information like the Computers page does for the supplied computerId. If looking to find a computer in a different organization than the currently logged-in/where the user is authenticated at, use the managedOrganizationId header as described below.
- Required Parameters
- Requires valid APIKey/Authorization Token in header
- ComputerId: Passed in as a query parameter in the below format:
- GUID format: "00000000-0000-0000-0000-000000000000"
- Optional Parameters
- In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
- Permissions
- View Computers
ComputerUpdateForEdit
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerUpdateForEdit
- Method: PATCH
- Description: This API will update the computer details with the information that was changed accordingly.
- Replace the "00000000-0000-0000-0000-000000000000" with the valid computerId of the computer you would like to edit in the computerId field.
- Replace the "00000000-0000-0000-0000-000000000000" value with the computerGroupId of where the computer currently exists or if you want to move the computer into a different computer group, enter the destination computerGroupId in the "computerGroupId" field. The computer will then move into the new computer group. It is recommended after the computer checks-in to its new computer group to Deploy Policies using the button towards the top right corner of the ThreatLocker portal.
- If the “name” entered is different than what currently exists in the portal, the display name of the computer in the portal will change. To keep the name of what currently exists in the portal, input the current name of the computer.
- This is also where the ThreatLocker Proxy settings can be configured/entered to use the “ThreatLocker Relay Server”. It is recommended when looking to utilize the ThreatLocker Proxy to contact our ThreatLocker Support Team for assistance in configuring the proxy correctly by navigating to the "Help" tab and selecting “Chat with a Cyber Hero". If you do not wish to use the ThreatLocker Proxy, leave the "useProxyServer" field set to false.
- Additional ThreatLocker Options can be configured for the individual computer selected. For these to be enabled, input the name as they appear in the ThreatLocker portal as shown in the example body below. Here is a KB link that shows all the Options that can be enabled on a machine:
- Below is a sample body that will configure the ThreatLocker Proxy through this API, and "EnableSHA256” and the “ArgumentsForExecution” Options on this computer if not enabled already
- Required body/parameters
- Requires valid APIKey/Authorization Token in header
- Body:
{
"computerId": "00000000-0000-0000-0000-000000000000",
"computerGroupId": "00000000-0000-0000-0000-000000000000",
"name": "hostname",
“useProxyServer”: true,
"proxyServerOption": "https://",
"proxyUrlEntry": "portal.123.com",
"proxyURL": "https://123.com/",
"options": [
"EnableSHA256",
“ArgumentsForExecution”
]
}
- Permissions
- Edit Computers
ComputerUpdateBaselineRescan
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerUpdateBaselineRescan
- Method: POST
- Description: This API will restart the Baseline for selected/supplied computers, completing a Baseline rescan on the endpoint. This can be used to restart the Baseline on multiple computers at the same time much like you can in the portal.
Below is a sample body that will re-scan the Baseline of the supplied computerIds in the organizationIds and computerGroupIds. Replace the “00000000-0000-0000-0000-000000000000" with the valid computerId, organizationId, and computerGroupId values where you would like to re-scan Baseline. This body below will also re-enable Learning based on the computer group settings, which is not mandatory to re-enable, but is typically recommended when completing a re-scan. If you do not wish to enable Learning on the endpoint, change enableLearning to “enableLearning”: false.
- Required body/parameters
- Requires valid APIKey/Authorization Token in header
- Body:
{
"computerDetailDtos":
[
{
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000",
"computerGroupId": "00000000-0000-0000-0000-000000000000"
},
{
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000",
"computerGroupId": "00000000-0000-0000-0000-000000000000"
}
],
"enableLearning" : true
}
- Permissions
- Edit Computers
ComputerUpdateShouldRestartByIds
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerUpdateShouldRestartByIds
- Method: POST
- Description: This API will restart the service for selected computers. This can be updated to include multiple machines to allow the restart of the ThreatLocker Service on the machines selected like in the ThreatLocker portal. Below is a sample body that will restart the ThreatLocker Service on two machines. Replace the 00000000-0000-0000-0000-000000000000 values with the corresponding computerIds and organizationIds.
- Required parameters/body
- Requires valid APIKey/Authorization Token in header
- Body:
[
{
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000"
},
{
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000"
}
]
- Permissions
- Edit Computers
ComputerUpdateShouldRestartByOrganization
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerUpdateShouldRestartByOrganization
- Method: POST
- Description: This API will restart the service on all computers in the organization. For child organization computers to be restarted, include true in the body. For just the parent/currently managed organization's computers to be restarted, include false in the body.
- Required body/parameters
- Requires valid APIKey/Authorization Token in header
- Requires either true or false in the body (with no backets or braces, just the word) to determine whether the restart applies to child organizations or not
- Permissions
- Edit Computers
ComputerMoveToOtherOrganization
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerMoveToOtherOrganization
- Method: POST
- Description: This API will move a computer(s) into another organization. MaintenanceTypeId does not factor in when moving computers. No matter the value entered, the computer will either maintain the existing Maintenance Mode and end date and time or enable Learning and rescan Baseline based upon the Computer Group -> Learning Mode settings. Enabling Learning and rescanning Baseline is determined by the “enableLearningRescan” value, true enables learning and rescans Baseline, false does not. OsType must align correctly with the computers that are being moved to the other organization, otherwise this call will not work.
Below is a sample body for moving two computers between organizations. For the computerGroupId, computerId, and organizationId values, replace the “00000000-0000-0000-0000-000000000000" values with the correct values from where the computer currently resides. For the targetComputerGroupId and the targetOrganizationId values, replace the “00000000-0000-0000-0000-000000000000" value with the correct values from where the computer should move into. The other fields, if filled with information, will not process or change anything inside your organziation. For instance, if “group”: “Not-Workstations” is input next to the “group” field, the name will not change and the call will still work as intended to move the computer(s), assuming all IDs are entered accurately. They are required for processing, but are ok to leave as “” except for MaintenanceTypeId which requires some integer value.
- Required body/parameters
- Requires valid APIKey/Authorization Token in header
- MaintenanceTypeId: This will not change the Maintenance Mode on the machine, however something must be entered
- MonitorOnly = 1
- Installation Mode = 2
- Learning = 3
- Elevation Mode = 4
- TamperProtectionDisabled = 6
- OSType: Enter the OSType of the machine being moved.
- Windows = 1
- MAC = 2
- Linux = 3
- Windows XP = 5
- Body:
{
"computerDetailDtos": [
{
"computerGroupId": "00000000-0000-0000-0000-000000000000",
"computerId": "00000000-0000-0000-0000-000000000000",
"computerName": "",
"group": "",
"hostname": "",
"maintenanceTypeId": 1,
"operatingSystem": "",
"organization": "",
"organizationId": "00000000-0000-0000-0000-000000000000",
"osType": 1
},
{
"computerGroupId": "00000000-0000-0000-0000-000000000000 ",
"computerId": "00000000-0000-0000-0000-000000000000 ",
"computerName": "",
"group": "",
"hostname": "",
"maintenanceTypeId": 1,
"operatingSystem": "",
"organization": "",
"organizationId": "00000000-0000-0000-0000-000000000000 ",
"osType": 1
}
],
"enableLearningRescan": false,
"targetComputerGroupId": "00000000-0000-0000-0000-000000000000",
"targetOrganizationId": "00000000-0000-0000-0000-000000000000"
}
- Permissions
- Edit Computers
ComputerEnableProtection
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerEnableProtection
- Method: POST
- Description: This API will enable Secure Mode on a computer(s). This is typically used when selecting multiple machines in the ThreatLocker Portal that are in an insecure state (any Maintenance Mode other than “Secure Mode”) and selecting “Secure Mode”. Below is a sample body that will enable Secure Mode on two endpoints. Multiple computers can be provided to secure multiple machines at once like on the Computers Page in the portal. Replace the 00000000-0000-0000-0000-000000000000 values with the corresponding computerIds and organizationIds.
- Required parameters
- Requires valid APIKey/Authorization Token in header
- Body:
{
"computerDetailDtos":
[
{
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000"
},
{
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000"
}
]
}
- Permissions
- Edit Computers
ComputerDisableProtection
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerDisableProtection
- Method: POST
- Description: This API will disable protection on a computer(s). All times entered will utilize UTC in format "YYYY-MM-DDTHH:MM:SSZ", where YYYY is the year, the first MM is the month, DD is the day, leave the T, HH are the hours, the second MM are the minutes, and SS are the seconds. This is used for enabling any Maintenance Mode other than Secured Mode. The permitEnd field is used to determine whether the end user has the option to end the Maintenance Mode from their machine. If “permitEnd”: true, the tray prompt will appear in the bottom right corner of their screen. If “permitEnd”: false, there will be nothing that appears for the end user.
If enabling Learning on a machine(s), there is the option to target a specific applicationId/target a specific application. There is also the option to enable automatic Learning as you can do in the ThreatLocker portal. You can supply one of the following in the applicationId field to enable automatic Learning: “autosystem”, “autocomp”, “autogroup”. “Autosystem” will create system level policies, “autocomp” will create computer level policies, and “autogroup” will create group level policies. Enabling automatic Learning or selecting an existing applicationId is required to enable Learning mode.
When enabling Installation Mode utilizing this Maintenance Mode, it is important to note that the application must already exist in the organization and to supply a valid applicationId in the "applicationId' field. If you are looking to create a new application/install, utilize the “MaintenanceModeInsert” call.
Below is a sample body to disable protection on one computer. Replace the 00000000-0000-0000-0000-000000000000 values with the corresponding computerGroupIds, computerIds, and organizationIds. Enter a startDate, endDate, maintenanceModeType, and permitEnd value as indicated above. Also be sure to include an applicationId if enabling ApplicationControlInstallationMode or Learning Mode. GUID format for the applicationId is "00000000-0000-0000-0000-000000000000".
- Required body/parameters
- Requires valid APIKey/Authorization Token in header
- List of MaintenanceTypeIds that can be provided in the "MaintenanceModeType" field below:
- ApplicationControlMonitorOnly; MaintenanceTypeId = 1
- ApplicationControlInstallationMode; MaintenanceTypeId = 2
- Learning; MaintenanceTypeId = 3
- Elevation; MaintenanceTypeId = 4
- TamperProtectionDisabled; MaintenanceTypeId = 6
- Isolation; MaintenanceTypeId = 14
- Lockdown; MaintenanceTypeId =15
- DisableOpsAlerts; MaintenanceTypeId = 16
- NetworkControlMonitorOnly; MaintenanceTypeId = 17
- StorageControlMonitorOnly; MaintenanceTypeId = 18
-
- Body:
{
"computerDetailDtos":
[
{
"action": "",
"computerGroupId": "00000000-0000-0000-0000-000000000000",
"computerId": "00000000-0000-0000-0000-000000000000",
"computerName": "",
"maintenanceEndDate": null,
"organizationId": "00000000-0000-0000-0000-000000000000",
"startDateTime": null
}
],
"endDate": "YYYY-MM-DDTHH:MM:SSZ",
"startDate": "YYYY-MM-DDTHH:MM:SSZ",
"maintenanceModeType": ID,
"permitEnd": true,
"applicationId": ""
}
- Permissions
- Edit Computers
ComputerRemoveDuplicate
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerRemoveDuplicate
- Method: POST
- Description: This API will remove duplicate computers from the computers page based on install date and the last check-in date and time of each computer with the same hostname. Only computers that have not been active in the ThreatLocker Portal at the same time will be removed. More information about removing computers can be found in this KB article:
Remove Duplicate Computers Button | ThreatLocker Help Center
- Mandatory body/parameters
- Requires valid APIKey/Authorization Token in header
- Requires either true or false in the body (with no brackets or braces, just the word) to determine whether removing the duplicate computers will run in your child organizations or not
- Permissions
- Edit Computers
ComputerUpdateMaintenanceMode
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerUpdateMaintenanceMode
- Method: POST
- Description: This API will update the Maintenance Mode on an individual computer. All times entered will utilize UTC in format "YYYY-MM-DDTHH:MM:SSZ", where YYYY is the year, the first MM is the month, DD is the day, leave the T, HH are the hours, the second MM are the minutes, and SS are the seconds. This is commonly utilized from the ‘Quick Action’ dropdown in the ThreatLocker portal. To update the Maintenance Mode on a computer in a child organization, be sure to include a header for ‘managedOrganizationId’, passing in the organizationId where the computer exists. Also be sure to use application IDs that are accessible from the managed organization, meaning that a child organization cannot use another child organization's application.
If enabling Learning on a machine(s), there is the option to target a specific applicationId/target a specific application. There is also the option to enable automatic Learning as you can do in the ThreatLocker portal. You can supply one of the following in the applicationId field to enable automatic Learning: “autosystem”, “autocomp”, “autogroup”. “Autosystem” will create system level policies, “autocomp” will create computer level policies, and “autogroup” will create group level policies.
When enabling Installation Mode utilizing this Maintenance Mode, it is important to note that the application must already exist in the organization. If you are looking to create a new application/install, utilize the “MaintenanceModeInsert” call.
Listed below is a sample body that will update the Maintenance Mode on one machine. Replace the 00000000-0000-0000-0000-000000000000 value with the corresponding computerId. Enter a startDateTime, maintenanceEndDate and maintenanceModeTypeId value as indicated above. Also be sure to include an applicationId if enabling ApplicationControlInstallationMode or Learning Mode, GUID format for the applicationId is "00000000-0000-0000-0000-000000000000".
- Mandatory body/parameters
- Requires valid APIKey/Authorization Token in header
- List of MaintenanceTypeIds that can be provided in the "MaintenanceModeType" field below:
- ApplicationControlMonitorOnly; MaintenanceTypeId = 1
- ApplicationControlInstallationMode; MaintenanceTypeId = 2
- Learning; MaintenanceTypeId = 3
- Secured Mode = 8
- NetworkControlMonitorOnly; MaintenanceTypeId = 17
- StorageControlMonitorOnly; MaintenanceTypeId = 18
-
Body:
{
"applicationId": "",
"computerDetailDto": {
"computerId": "00000000-0000-0000-0000-000000000000",
"maintenanceTypeId": 1,
"maintenanceEndDate": "YYYY-MM-DDTHH:MM:SSZ",
"startDateTime": "YYYY-MM-DDTHH:MM:SSZ"
}
}
- Optional parameters
- In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
- Permissions
- Edit Computers
ComputerUpdateThreatlockerVersionByIds
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerUpdateThreatlockerVersionByIds
- Method: POST
- Description: This API will update the ThreatLocker version on individually selected computers. This is expected to have the ThreatLocker version ID. To get the ThreatLockerVersionId you would like to use, utilize the ThreatLockerVersionGetForDropdownList to get all the versions able to be upgraded or downgraded to. Utilize the “label” field to identify which version you would like and copy/save the “value” field (should be in this format: 00000000-0000-0000-0000-000000000000). Below is a sample body that can be used for updating the ThreatLocker version on two machines using this call. Replace the 00000000-0000-0000-0000-000000000000 values with the corresponding threatLockerVersionId, computerId, and organizationId. Enter the corresponding osType as indicated above by the OSType options:
- Manadatory body/parameters
- Requires valid APIKey/Authorization Token in header
- Include an "OSType": "Windows = 1 | MAC = 2 | Linux = 3 | Windows XP = 5" as indicated in the body below.
- Body:
{
"threatLockerVersionId": "00000000-0000-0000-0000-000000000000",
"computerDetailDtos": [
{
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000",
"osType" : 1
},
{
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000",
"osType" : 1
}
]
}
- Permissions
- Edit Computers
ComputerUpdateToFinishMaintenanceMode
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerUpdateToFinishMaintenanceMode
- Method: POST
- Description: This API will end the maintenance mode on an individual computer. For this endpoint, only one computer’s Maintenance Mode can be ended at a time, multiple computers cannot have their Maintenance Mode ended at one time. Below is the body that will end the current Maintenance Mode on the machine. Replace the 00000000-0000-0000-0000-000000000000 values with the corresponding computerId, and organizationId.
- Manadatory body/parameters
- Requires valid APIKey/Authorization Token in header
- Body
{
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000"
}
- Permissions
- Edit Computers
ComputerGetForNewComputer
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerGetForNewComputer
- Method: GET
- Description: This API will get new computer details for a newly installed machine. This can be useful for getting the installation information for your organization and/or your child organizations. To access the installation information for other organizations, use the “managedOrganizationId” header and supply the organizationId you would like the view the information for.
- This call will verify the EULA is accepted (isEulaAccepted), verify if the organization has ThreatLockerOps, now ThreatLocker Detect (hasThreatLockerOps), and then grab the computer group(s) from the organization. The “label” field is the name of the computer group. The “value” is used for the install key for the organization. The “numericValue” field is used to indicate the OSType of the computer group, OSTypes listed below. Disabled indicates whether the computer group can be used/installed into. The ApiKey value will be filled in with the organization’s unique identifier, which can be used for installing ThreatLocker into your RMM environment.
- OSType: Windows = 1 | MAC = 2 | Linux = 3 | Windows XP = 5
- It is important to note that when installing through an RMM environment it is typically best to utilize the Unique Identifier from your organization, typically the parent organization. When using the parent’s Unique Identifier, the script will identify if a new organization needs to be created for the computers being installed and install into the groups accordingly. It is possible to create the organization to install into ahead of time and use that child organization Unique Identifier to install directly into the child organization, however be sure to make the organization identifier identical to what appears in the portal for your RMM, otherwise a new organization will be created under your child, effectively making a “grand-child” organization from the parent organization. Be sure to look into our KnowledgeBase Articles at the link below or reach out to our ThreatLocker Support department for assistance with deployment.
- This call will verify the EULA is accepted (isEulaAccepted), verify if the organization has ThreatLockerOps, now ThreatLocker Detect (hasThreatLockerOps), and then grab the computer group(s) from the organization. The “label” field is the name of the computer group. The “value” is used for the install key for the organization. The “numericValue” field is used to indicate the OSType of the computer group, OSTypes listed below. Disabled indicates whether the computer group can be used/installed into. The ApiKey value will be filled in with the organization’s unique identifier, which can be used for installing ThreatLocker into your RMM environment.
- Manadatory body/parameters
- Requires valid APIKey/Authorization Token in header
- Optional body/parameters
- In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
- Permissions
- Edit Computers
- View Computers
- Install Computers
ComputerGetDownload
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerGetDownload
- Method: POST
- Description: This API will get the download for ThreatLocker using the information in the body below. The "platform" can be "x64", "x86", or ' '. The ' ' is used for MAC and Linux installers. The "apiKey" is the install key from the selected computer group you want to install into. The "fileType" indicates the file type that will be returned, the options are: "Stub Installer = stub", "MSI Installer = windows", "PowerShell Script = pssscript", "PKG File = mac", "Debian = debian", "Redhat = redhat", "Windows XP = windowsxp", and "Remediator Service Installer = remediation". Be sure the fileType typed into your body matches what is seen here exactly or your call may not work as expected. The response is returned in base 64 which we then use the atob function to blob the string. From there, we send it to the browser for download.
- Required body/parameters
- Requires valid APIKey/Authorization Token in header
- Body:
{
"platform": "x64",
"apiKey": "apiKeyHere",
"fileType": "stub"
}
- Permissions
- Edit Computers
- Install Computers
ComputerSignedScriptDownload
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerSignedScriptDownload
- Method: GET
- Description: This API is used for pulling the ThreatLockerVerifier.exe, associated with the Logon script. This is used for checking if ThreatLocker is installed on machines in an RMM/GPO environment. This call expects the brand to be passed in, which will always be Threatlocker. Use this in association with the batch script that is also found in the ThreatLocker portal and can be pulled through API using the ComputerSamplePathDownload endpoint. The response is returned in base 64 which we then use the atob function to blob the string. From there, we send it to the browser for download.
- Required body/parameters
- Requires valid APIKey/Authorization Token in header
- brand: Threatlocker
- Permissions
- Edit Computers
- Install Computers
ComputerSamplePathDownload
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerSamplePathDownload
- Method: GET
- Description: This API will pull the batch file used to verify ThreatLocker is installed onto your endpoints. This call expects the brand to be passed in, which will always be Threatlocker. Be sure when modifying this script to ensure that the authKey used inside the script is accurate with the organization where this script will run. Also be sure the file paths inside the script will be able to find the specified executable file and execute it successfully to check if ThreatLocker is installed on the machine(s). The response is returned in base 64 which we then use the atob function to blob the string. From there, we send it to the browser for download.
- Required body/parameters
- Requires valid APIKey/Authorization Token in header
- brand: Threatlocker
- Permissions
- Edit Computers
- Install Computers
ComputerUnSignedScriptDownload
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerUnSignedScriptDownload
- Method: GET
- Description: This API will pull the ThreatLockerVerifier-Unsigned.exe file used to verify ThreatLocker is installed onto your endpoints. This call expects the brand to be passed in, which will always be Threatlocker. Use this in association with the batch script that is also found in the ThreatLocker portal and can be pulled through API using the ComputerSamplePathDownload endpoint. This version is smaller than the signed version. The response is returned in base 64 which we then use the atob function to blob the string. From there, we send it to the browser for download.
- Required body/parameters
- Requires valid APIKey/Authorization Token in header
- brand: Threatlocker
- Permissions
- Edit Computers
- Install Computers
ComputerUpdateChannel
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerUpdateChannel
- Method: POST
- Description: This API will change the update channel on a computer(s). Replace the 00000000-0000-0000-0000-000000000000 values with the corresponding computerId, and organizationId in the body below.
- Required body/parameters
- Requires valid APIKey/Authorization Token in header
- UpdateChannel:
- Manual Update = 0
- Pre-Releases = 1
- Regular = 2
- Expedited = 3
- Slow and Steady = 4"
- Body:
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000"
},
{
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000"
}
- Permissions
- Edit Computers