This article covers all portalAPI calls related to the /portalAPI/Computer/* endpoints.
Be sure to input the instance your organization exists on for each call. This is indicated with the "INSTANCE" text in each endpoint. Linked here is a KB to find your instance:
Locating Your Organization's Instance | ThreatLocker Help Center
ComputerGetByAllParameters
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerGetByAllParameters
- Method: POST
- Description: This API is used on the Devices page in the ThreatLocker Portal to display all the computers in an organization. This is useful for displaying all the information for all the computers in an organization and their child organizations, if selected. If looking to view the computers only for a different organization than the currently logged in/managed organization, utilize the managedOrganizationId header as described below. Various fields are described below that can be changed to search and sort like you can on the Devices page itself in the Portal.
- Required Body/Parameters
- Valid APIKey/Authorization Token in header
- Fields
- orderBy: This field will order the computers that are shown based on the isAscending field (defaults to true) and the text entered below. This field expects the text from one of the below options to be entered exactly as they appear.
- computername
- group
- action
- lastcheckin
- computerinstalldate
- deniedcountthreedays
- threatlockerversion
- pageNumber and pageSize: This value determines how many computers will be returned as if the response was on the Devices page. However, this field does not follow the same conventions of the pageNumber and pageSize values as the Portal does (pageSize in the Portal is 25, 50, 100, or 500). Any valid integer can be entered and it will return in the selected formatting. For instance, if there are 5 computers to be returned but “pageNumber” : 1 and “pageSize” : 2, 2 entries will be returned per page and the first two computers will be shown.
- Expects: An Integer value
- Required body:
{
"orderBy": "<String>",
"pageNumber" : <Integer>,
"pageSize" : <Integer>
}
- Optional Body/Parameters
- In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
- Fields
- action: This field will narrow the search to just the computers in one of the below computer modes or update channels. This requires two fields to be filled in to function as described below. The first is entered into the "action" field, the other needs to be entered into the "kindOfAction" field.
- To view based on computer mode:
- action: Expects one of the following options to be entered:
- Secure
- Installation
- Learning
- MonitorOnly
- kindOfAction: Expects the text of exactly "Computer Mode" to be entered
- To view based on update channel:
- action: Expects one of the following options to be entered:
- Manual Update
- Pre-Releases
- Regular
- Expedited
- Slow and Steady
- kindOfAction: Expects the text of exactly "Update Channel" to be entered
- childOrganizations: This field will determine whether the computers from all child organizations will be returned or not. When set to true, all computers from all child organizations, including grandchild organizations, will be returned. When set to false, just the computers from the currently managed organization will be returned, typically this will be the parent organization.
- Expects: true or false
- computerGroup: This field is used for filtering based on the computer group a computer is currently in. If "00000000-0000-0000-0000-000000000000" is input, all computers will be returned according to the other parameters passed in. However, if looking for a specific computer group, the computerGroupId can be entered and only computers from the selected computer group will be returned. Multiple computerGroupId values cannot be entered.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- computerId: This field is used for filtering based on a specific computer. If "00000000-0000-0000-0000-000000000000" is input, all computers will be returned according to the other parameters passed in. However, if looking for a specific computer, the computerId can be entered and only the computer matching the computerId will be returned. Multiple computerId values cannot be entered.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- isAscending: This field determines the order the computers are returned/shown. When isAscending is true, the computers will be returned in decreasing order, from high to low, based on the orderBy field utilized. When isAscending is false, the computers will be returned in increasing order, from low to high, based on the orderBy field utilized.
- Expects: true or false
- kindOfAction: This field is typically used in conjunction with the "action" field and is used to display one of the below options from the computers in your organization. This field expects the text from one of the below options to be entered exactly as they appear.
- Computer Mode
- TamperProtectionDisabled
- NeedsReview
- ReadyToSecure
- BaselineNotUploaded
- Update Channel
- searchText: This field allows you to search through the list of your computers by inputting any text/details you want to search for. This can be used to find a specific hostname or part of a hostname can be entered to find a computer, an organization’s computers, a computer group name, the IP addresses that your computers are utilizing, etc. Anything that can be searched using the search bar on the Devices page can be entered into this field and returned.
- Expects: Any text input
- Optional body:
{
"action" : "<String>",
"childOrganizations" : <Boolean>,
"computerGroup" : "00000000-0000-0000-0000-000000000000",
"computerId" : "00000000-0000-0000-0000-000000000000",
"isAscending" : <Boolean>,
"kindOfAction" : "<String>",
"orderBy" : "<String>",
"pageNumber" : <Integer>,
"pageSize" : <Integer>,
"searchText" : "<String>"
}
- Permissions Needed for User
- Edit Computers
- View Computers
- Install Computers
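The field rules for ComputerGetByAllParameters above, as an added example that is not ThreatLocker's own code: it validates a request body before it is sent and walks pageNumber until the inventory is exhausted, which is useful for auditing which computers sit in a given mode. `fetch_page` is a hypothetical caller-supplied function that performs the POST and returns the parsed list of computers (the response shape is not documented on this page), and sending the four non-paired kindOfAction values without "action" is an assumption.

```python
import re

GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Allowed values copied from the field descriptions above (exact text matters).
ORDER_BY = {"computername", "group", "action", "lastcheckin",
            "computerinstalldate", "deniedcountthreedays", "threatlockerversion"}
ACTIONS_BY_KIND = {
    "Computer Mode": {"Secure", "Installation", "Learning", "MonitorOnly"},
    "Update Channel": {"Manual Update", "Pre-Releases", "Regular",
                       "Expedited", "Slow and Steady"},
}
OTHER_KINDS = {"TamperProtectionDisabled", "NeedsReview",
               "ReadyToSecure", "BaselineNotUploaded"}


def build_query(order_by, page_number, page_size, *, action=None,
                kind_of_action=None, child_organizations=None,
                computer_group=None, computer_id=None,
                is_ascending=None, search_text=None):
    """Return a validated request body dict; raise ValueError on bad input."""
    if order_by not in ORDER_BY:
        raise ValueError(f"orderBy must be one of {sorted(ORDER_BY)}")
    for name, value in (("pageNumber", page_number), ("pageSize", page_size)):
        # Requiring a value >= 1 is a local sanity check, not a documented rule.
        if isinstance(value, bool) or not isinstance(value, int) or value < 1:
            raise ValueError(f"{name} must be an integer >= 1")
    body = {"orderBy": order_by, "pageNumber": page_number,
            "pageSize": page_size}

    if kind_of_action in ACTIONS_BY_KIND:
        # "action" only filters when paired with the matching kindOfAction.
        if action not in ACTIONS_BY_KIND[kind_of_action]:
            raise ValueError(f"action {action!r} invalid for {kind_of_action!r}")
        body.update(action=action, kindOfAction=kind_of_action)
    elif kind_of_action in OTHER_KINDS and action is None:
        # Assumption: these kinds are sent on their own, without "action".
        body["kindOfAction"] = kind_of_action
    elif kind_of_action is not None or action is not None:
        raise ValueError("action and kindOfAction must be a documented pair")

    for key, value in (("computerGroup", computer_group),
                       ("computerId", computer_id)):
        if value is not None:
            # Only one GUID per field; lists of ids are not accepted.
            if not isinstance(value, str) or not GUID_RE.fullmatch(value):
                raise ValueError(f"{key} must be a single GUID")
            body[key] = value
    for key, value in (("childOrganizations", child_organizations),
                       ("isAscending", is_ascending)):
        if value is not None:
            if not isinstance(value, bool):
                raise ValueError(f"{key} must be true or false")
            body[key] = value
    if search_text is not None:
        body["searchText"] = str(search_text)
    return body


def iter_computers(fetch_page, query):
    """Yield every record, advancing pageNumber until a short page returns."""
    page = dict(query)
    while True:
        rows = fetch_page(dict(page))
        yield from rows
        if len(rows) < page["pageSize"]:
            return
        page["pageNumber"] += 1


# Constructed sample data: five hostnames standing in for API results.
SAMPLE_INVENTORY = [f"HOST-{n:02d}" for n in range(1, 6)]


def fake_fetch(body):
    """Offline stand-in for the POST; slices the sample like the API pages."""
    start = (body["pageNumber"] - 1) * body["pageSize"]
    return SAMPLE_INVENTORY[start:start + body["pageSize"]]


if __name__ == "__main__":
    q = build_query("lastcheckin", 1, 2,
                    kind_of_action="Computer Mode", action="Learning")
    print(q)
    print(list(iter_computers(fake_fetch, q)))
```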
ComputerGetForEditById
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerGetForEditById
- Method: GET
- Description: This API is used on the Devices page in the ThreatLocker Portal when clicking on an individual computer and opening the computer sidebar to view its information. This API gets all the computer details for an individually selected computer. If looking to view a computer that is in a different organization than the currently logged in/managed organization, utilize the managedOrganizationId header as described below.
- Required Body/Parameters
- Valid APIKey/Authorization Token in header
- computerId: This field is used to determine what computer's details will be returned.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- Optional Body/Parameters
- In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
- Permissions Needed for User
- View Computers
ComputerUpdateForEdit
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerUpdateForEdit
- Method: PATCH
- Description: This API is used on the Devices page in the ThreatLocker Portal when viewing the details of a computer in the computer sidebar and clicking save to apply any changes made to the computer. This API will update the computer details with the information that was changed in the body accordingly.
- Required Body/Parameters
- Valid APIKey/Authorization Token in header
- Fields
- computerId: This field is used to determine which computer will be modified by the changes made in the other fields.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- computerGroupId: This field contains the computerGroupId of where the computer currently exists. If you want to move the computer into a different computer group, enter the destination computerGroupId in this field. The computer will then move into the new computer group after the call is complete. After the computer checks in to its new computer group, it is recommended to Deploy Policies using the button towards the top right corner of the ThreatLocker Portal.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- name: This field contains the name of the computer in the ThreatLocker Portal. If the name entered is different than what currently exists in the Portal, the display name of the computer will change. To keep the name of what currently exists in the Portal, input the current name of the computer.
- Expects: Any text input
- useProxyServer: This field determines whether the ThreatLocker Relay Server (ThreatLocker Proxy) will be used or not. It is recommended when looking to utilize the ThreatLocker Relay Server to contact our ThreatLocker Support Team for assistance by navigating to the "Help" tab and selecting "Chat with a Cyber Hero". If you do not wish to use the ThreatLocker Proxy, set this to false.
- Expects: true or false
- proxyServerOption: This field expects just the proxy server option to be entered, for instance, "https://" or "http://".
- Expects: Any text that aligns with the proxy server option
- proxyUrlEntry: This field expects just the proxy URL to be entered, for instance, "portal.123.com".
- Expects: Any text that aligns with the proxy URL entry
- proxyURL: This field expects the full path of the proxy to be entered, for instance, "https://portal.123.com".
- Expects: Any text that aligns with the two above entries/full path of the proxy
- options: This field allows for additional ThreatLocker Options to be configured for the individual computer selected. For these to be enabled, input the name as they appear in the ThreatLocker Portal/KB link below. This KB shows the Options currently available for use:
- https://threatlocker.kb.help/options-tab-choices-and-descriptions-for-the-computers-page-the-computer-groups-page-and-the-entire-organization-page/
- Expects: Any text input of one (or multiple, each separated by a comma) of the options available
- Required body:
{
"computerId": "00000000-0000-0000-0000-000000000000",
"computerGroupId": "00000000-0000-0000-0000-000000000000",
"name": "<String>",
"useProxyServer": <Boolean>,
"proxyServerOption": "<String>",
"proxyUrlEntry": "<String>",
"proxyURL": "<String>",
"options": [
"<String>",
"<String>"
]
}
- Example body:
- This example body will configure the ThreatLocker Proxy through this endpoint and enable the "EnableSHA256" and "ArgumentsForExecution" Options on this computer if not enabled already.
{
"computerId": "00000000-0000-0000-0000-000000000000",
"computerGroupId": "00000000-0000-0000-0000-000000000000",
"name": "hostname",
"useProxyServer": true,
"proxyServerOption": "https://",
"proxyUrlEntry": "portal.123.com",
"proxyURL": "https://portal.123.com",
"options": [
"EnableSHA256",
"ArgumentsForExecution"
]
}
- Optional Body/Parameters
- N/A
- Permissions Needed for User
- Edit Computers
ComputerUpdateBaselineRescan
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerUpdateBaselineRescan
- Method: POST
- Description: This API is used on the Devices page in the ThreatLocker Portal when selecting the checkbox next to one or multiple computers and then clicking the "Rescan Baseline" button. This API will restart the Baseline for selected/supplied computers, completing a Baseline rescan on the computer. This can be used to restart the Baseline on multiple computers at the same time like you can in the Portal.
- Required Body/Parameters
- Valid APIKey/Authorization Token in header
- Fields
- computerId: This field is used to determine which computer will have the Baseline rescan complete.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- organizationId: This field is used to specify the organization where the computer exists that will have the Baseline rescan complete.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- computerGroupId: This field is used to specify the computer group where the computer exists that will have the Baseline rescan complete.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- enableLearning: This field is used to determine whether Learning will be enabled based on the computer group settings. Re-enabling Learning is not mandatory, but is typically recommended when completing a rescan. If you do not wish to enable Learning on the endpoint, set this field to false.
- Expects: true or false
- Required/Example body:
- The body below, when filled in with corresponding id values, will complete a Baseline rescan on two computers. It is important to fill out all 3 fields (computerId, organizationId, and computerGroupId) for each computer you would like to rescan the Baseline on.
{
"computerDetailDtos":
[
{
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000",
"computerGroupId": "00000000-0000-0000-0000-000000000000"
},
{
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000",
"computerGroupId": "00000000-0000-0000-0000-000000000000"
}
],
"enableLearning": <Boolean>
}
- Optional Body/Parameters
- N/A
- Permissions Needed for User
- Edit Computers
ComputerUpdateShouldRestartByIds
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerUpdateShouldRestartByIds
- Method: POST
- Description: This API is used on the Devices page in the ThreatLocker Portal when selecting the checkbox next to one or multiple computers and then clicking the "Restart Agent(s)" button. This API will restart the service for the selected computers. This can be used to restart the ThreatLocker Service on multiple computers at the same time like in the ThreatLocker Portal.
- Required Body/Parameters
- Valid APIKey/Authorization Token in header
- Fields
- computerId: This field is used to determine which computer will complete the ThreatLocker Service restart.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- organizationId: This field is used to specify the organization where the computer exists that will have the ThreatLocker Service restarted.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- Required body:
- The body below, when filled in with corresponding id values, will complete a service restart on two computers. It is important to fill out both fields (computerId and organizationId) for each computer you would like to restart the ThreatLocker Service on.
[
{
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000"
},
{
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000"
}
]
- Optional Body/Parameters
- N/A
- Permissions Needed for User
- Edit Computers
ComputerUpdateShouldRestartByOrganization
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerUpdateShouldRestartByOrganization
- Method: POST
- Description: This API is used on the Devices page in the ThreatLocker Portal when selecting from the "Computer Options" hamburger dropdown next to "Install Computer" and clicking the "Restart Agent (ALL)" button. This API will restart the service on all computers in the organization as per the field passed in below. If looking to restart the ThreatLocker Service for all computers only in a different organization than the currently logged in/managed organization, utilize the managedOrganizationId header as described below.
- Required Body/Parameters
- Valid APIKey/Authorization Token in header
- This expects either true or false (with no brackets or braces, just the word) to be entered to determine whether the service restart will apply to child organizations or not. If wanting the service restart to apply to child organizations as well, set this field to true. Otherwise, set this to false and the service restart will only apply to the currently managed organization.
- Expects: true or false
- Optional Body/Parameters
- In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
- Permissions Needed for User
- Edit Computers
ComputerMoveToOtherOrganization
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerMoveToOtherOrganization
- Method: POST
- Description: This API is used on the Devices page in the ThreatLocker Portal when selecting the checkbox next to one or multiple computers, clicking the "Move Computer" button, entering the target organization and computer group, selecting whether to enable Learning and rescan Baseline or not, and then clicking "Move Computer" where this API is called and the computer is moved. This API will move a computer(s) into another organization.
- Required Body/Parameters
- Valid APIKey/Authorization Token in header
- Fields
- computerGroupId: This field is used to specify the current computer group where the computer that will be moved exists.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- computerId: This field is used to determine which computer will be moved to a different group and/or organization.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- computerName: This field is required for processing, but is ok to leave blank. Anything input will not affect/make changes to the computer moved by this API.
- Expects: ""
- group: This field is required for processing, but is ok to leave blank. Anything input will not affect/make changes to the computer moved by this API.
- Expects: ""
- hostname: This field is required for processing, but is ok to leave blank. Anything input will not affect/make changes to the computer moved by this API.
- Expects: ""
- maintenanceTypeId: This field expects any Integer to be entered for processing. This will not change the Maintenance Mode on the machine, however something must be entered. The computer will either maintain the existing Maintenance Mode and end date and time or enable Learning and rescan Baseline based upon the Computer Group -> Learning Mode settings.
- Expects: An Integer value
- operatingSystem: This field is required for processing, but is ok to leave blank. Anything input will not affect/make changes to the computer moved by this API.
- Expects: ""
- organization: This field is required for processing, but is ok to leave blank. Anything input will not affect/make changes to the computer moved by this API.
- Expects: ""
- organizationId: This field is used to specify the current organization where the computer that will be moved exists.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- osType: This field is used to specify the osType of the computer being moved and expects one of the following Integer values to be entered that correspond to the computer:
- Windows = 1
- MAC = 2
- Linux = 3
- Windows XP = 5
- enableLearningRescan: This field is used to specify whether Learning will be enabled as per the computer group settings and if the Baseline will be rescanned or not. Set this to true to enable Learning and to rescan the Baseline on the computer. Set this to false to just move the computer with no changes to the Maintenance Mode(s) active on the computer and Baseline.
- Expects: true or false
- targetComputerGroupId: This field is used to specify the new computer group that the computer(s) entered will be moved into.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- targetOrganizationId: This field is used to specify the new or current (if just moving computer groups within the same org) organization that the computer(s) entered will be moved into.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- Required body:
- The body below, when filled in with the corresponding values for each field, will move two computers. It is important to fill out all the fields for each computer you would like to move.
{
"computerDetailDtos": [
{
"computerGroupId": "00000000-0000-0000-0000-000000000000",
"computerId": "00000000-0000-0000-0000-000000000000",
"computerName": "<String>",
"group": "<String>",
"hostname": "<String>",
"maintenanceTypeId": <Integer>,
"operatingSystem": "<String>",
"organization": "<String>",
"organizationId": "00000000-0000-0000-0000-000000000000",
"osType": <Integer>
},
{
"computerGroupId": "00000000-0000-0000-0000-000000000000",
"computerId": "00000000-0000-0000-0000-000000000000",
"computerName": "<String>",
"group": "<String>",
"hostname": "<String>",
"maintenanceTypeId": <Integer>,
"operatingSystem": "<String>",
"organization": "<String>",
"organizationId": "00000000-0000-0000-0000-000000000000",
"osType": <Integer>
}
],
"enableLearningRescan": <Boolean>,
"targetComputerGroupId": "00000000-0000-0000-0000-000000000000",
"targetOrganizationId": "00000000-0000-0000-0000-000000000000"
}
- Optional Body/Parameters
- N/A
- Permissions Needed for User
- Edit Computers
ComputerEnableProtection
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerEnableProtection
- Method: POST
- Description: This API is used on the Devices page in the ThreatLocker Portal when selecting the checkbox next to one or multiple computers that are in an insecure state, clicking the "Secure Mode" button, and clicking "Yes" in the confirmation text box that appears. This API will enable Secured Mode on the selected/supplied computer(s).
- Required Body/Parameters
- Valid APIKey/Authorization Token in header
- Fields
- computerId: This field is used to determine which computer will have Secured Mode enabled.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- organizationId: This field is used to specify the organization where the computer that will have Secured Mode enabled exists.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- Required body:
- The body below, when filled in with corresponding id values, will enable Secured Mode on two computers. It is important to fill out both fields (computerId and organizationId) for each computer you would like to enable Secured Mode on.
{
"computerDetailDtos":
[
{
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000"
},
{
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000"
}
]
}
- Optional Body/Parameters
- N/A
- Permissions Needed for User
- Edit Computers
ComputerDisableProtection
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerDisableProtection
- Method: POST
- Description: This API is used on the Devices page in the ThreatLocker Portal when selecting the checkbox next to one or multiple computers that you want to enable a Maintenance Mode on (disable protection), clicking the "Schedule Maintenance" button, selecting the start date and time plus end date and time, selecting the Maintenance Mode that will be enabled, determining whether the end user on the computer has the option to end the Maintenance Mode directly from the tray popup on their computer or not, and clicking "Start Maintenance" where this endpoint is called. This API will disable protection on a computer(s) as per the other fields passed in.
- Required Body/Parameters
- Valid APIKey/Authorization Token in header
- Fields
- computerGroupId: This field is used to specify the computer group where the computer that will have the Maintenance Mode enabled exists.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- computerId: This field is used to determine which computer will have the Maintenance Mode enabled.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- organizationId: This field is used to specify the organization where the computer that will have the Maintenance Mode enabled exists.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- endDate: This field specifies when the Maintenance Mode will end on a computer. This expects a time entered in UTC in format "YYYY-MM-DDTHH:MM:SSZ", where YYYY is the year, the first MM is the month, DD is the day, HH are the hours, the second MM are the minutes, and SS are the seconds. The T must be included to designate the time and should not be changed or removed.
- Expects end date and time in format: "YYYY-MM-DDTHH:MM:SSZ"
- startDate: This field specifies when the Maintenance Mode will start on a computer. This expects a time entered in UTC in format "YYYY-MM-DDTHH:MM:SSZ", where YYYY is the year, the first MM is the month, DD is the day, HH are the hours, the second MM are the minutes, and SS are the seconds. The T must be included to designate the time and should not be changed or removed.
- Expects start date and time in format: "YYYY-MM-DDTHH:MM:SSZ"
- maintenanceModeType: This field specifies the Maintenance Mode that will be enabled on the computer. Listed below are the Integer ids that are expected to be entered to have the corresponding Maintenance Mode enabled.
- Application Control Monitor Only = 1
- Application Control Learning Mode = 3
- When using this Maintenance Mode, refer to the applicationId field below for how to enable this Maintenance Mode successfully.
- Disable Tamper Protection = 6
- permitEnd: This field is used to determine whether the end user has the option to end the Maintenance Mode directly from their computer. If permitEnd is set to true, the tray prompt will appear in the bottom right corner of their screen so the user can end the Maintenance Mode directly from their computer. If permitEnd is set to false, there will be nothing that appears for the end user.
- Expects: true or false
- applicationId: This field is used when enabling Learning Mode through this endpoint to allow you to specify whether automatic computer or automatic group Learning will be enabled. Automatic computer Learning ("autocomp") will automatically create applications and apply new policies at the computer level and automatic group Learning (“autogroup”) will automatically create applications and apply new policies at the group level. Using one of these options is required to enable Learning mode with this API.
- Expects: autocomp or autogroup
- Required body:
- The body below, when filled in with corresponding values for each field, will enable the desired Maintenance Mode on two computers. It is important to fill out all the fields for each computer you would like to enable the Maintenance Mode on.
{
"computerDetailDtos":
[
{
"computerGroupId": "00000000-0000-0000-0000-000000000000",
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000"
},
{
"computerGroupId": "00000000-0000-0000-0000-000000000000",
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000"
}
],
"endDate": "YYYY-MM-DDTHH:MM:SSZ",
"startDate": "YYYY-MM-DDTHH:MM:SSZ",
"maintenanceModeType": <Integer>,
"permitEnd": <Boolean>,
"applicationId": "<String>"
}
- Optional Body/Parameters
- N/A
- Permissions Needed for User
- Edit Computers
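Because ComputerDisableProtection lowers protection for a time window, the request is worth validating before it leaves the automation host. The sketch below is an added example, not ThreatLocker's own code: it builds the body described above, converts timezone-aware datetimes to the required UTC format, enforces the maintenanceModeType and applicationId rules, and refuses windows longer than a local cap. The `max_window` cap and the rejection of applicationId for modes other than 3 are local policy assumptions, not API rules.

```python
import re
from datetime import datetime, timedelta, timezone

GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # the "YYYY-MM-DDTHH:MM:SSZ" layout above

# maintenanceModeType ids listed for this endpoint.
MODES = {1: "Application Control Monitor Only",
         3: "Application Control Learning Mode",
         6: "Disable Tamper Protection"}
LEARNING_APPLICATION_IDS = {"autocomp", "autogroup"}
ID_FIELDS = ("computerGroupId", "computerId", "organizationId")


def to_utc_stamp(moment):
    """Format an aware datetime as UTC; refuse naive values.

    A naive local time sent with a trailing Z silently shifts the window.
    """
    if moment.tzinfo is None or moment.utcoffset() is None:
        raise ValueError("datetime must carry a timezone")
    return moment.astimezone(timezone.utc).strftime(TS_FORMAT)


def build_maintenance_request(computers, start, end, mode, *,
                              application_id="", permit_end=False,
                              max_window=timedelta(hours=8)):
    """Return a validated ComputerDisableProtection body or raise ValueError."""
    if mode not in MODES:
        raise ValueError(f"maintenanceModeType must be one of {sorted(MODES)}")
    if mode == 3:
        # Learning Mode requires autocomp or autogroup on this endpoint.
        if application_id not in LEARNING_APPLICATION_IDS:
            raise ValueError("Learning Mode needs applicationId autocomp/autogroup")
    elif application_id:
        # Local strictness (assumption): applicationId is only described
        # for Learning Mode, so anything else is treated as a mistake.
        raise ValueError("applicationId only applies to Learning Mode (3)")
    if not isinstance(permit_end, bool):
        raise ValueError("permitEnd must be true or false")
    if not computers:
        raise ValueError("at least one computer is required")

    dtos = []
    for entry in computers:
        dto = {}
        for field in ID_FIELDS:  # all three ids are needed per computer
            value = entry.get(field, "")
            if not isinstance(value, str) or not GUID_RE.fullmatch(value):
                raise ValueError(f"{field} must be a GUID for every computer")
            dto[field] = value
        dtos.append(dto)

    start_stamp, end_stamp = to_utc_stamp(start), to_utc_stamp(end)
    if end <= start:
        raise ValueError("endDate must be after startDate")
    if end - start > max_window:
        # max_window is a hypothetical local policy cap, not an API limit.
        raise ValueError(f"maintenance window exceeds {max_window}")

    return {"computerDetailDtos": dtos,
            "endDate": end_stamp,
            "startDate": start_stamp,
            "maintenanceModeType": mode,
            "permitEnd": permit_end,
            "applicationId": application_id}


# Constructed sample input: placeholder ids and a two-hour window at UTC-5.
SAMPLE_ID = "11111111-1111-1111-1111-111111111111"
SAMPLE_COMPUTER = {field: SAMPLE_ID for field in ID_FIELDS}
SAMPLE_START = datetime(2025, 1, 10, 9, 0, tzinfo=timezone(timedelta(hours=-5)))


def demo():
    """Build a Learning Mode request from the constructed sample."""
    return build_maintenance_request(
        [SAMPLE_COMPUTER], SAMPLE_START, SAMPLE_START + timedelta(hours=2),
        3, application_id="autocomp")


if __name__ == "__main__":
    print(demo())
```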
ComputerRemoveDuplicate
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerRemoveDuplicate
- Method: POST
- Description: This API is used on the Devices page in the ThreatLocker Portal when selecting from the "Computer Options" hamburger dropdown next to "Install Computer" and clicking the "Remove Duplicate Computers" button. This API will remove duplicate computers from the Devices page based on install date and the last check-in date and time of each computer with the same hostname. Only computers that have not been active in the ThreatLocker Portal at the same time will be removed. More information about removing computers can be found in the KB article below:
Remove Duplicate Computers Button | ThreatLocker Help Center
If looking to remove duplicate computers for all computers only in a different organization than the currently logged in/managed organization, utilize the managedOrganizationId header as described below.
- Required Body/Parameters
- Valid APIKey/Authorization Token in header
- This expects either true or false (with no brackets or braces, just the word) to be entered to determine whether to remove duplicate computers from child organizations or not. If wanting to remove duplicate computers from child organizations as well, set this field to true. Otherwise, set this to false and the duplicate computers will only be removed from the currently managed organization.
- Expects: true or false
- Optional Body/Parameters
- In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
- Permissions Needed for User
- Edit Computers
ComputerUpdateMaintenanceMode
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerUpdateMaintenanceMode
- Method: POST
- Description: This API is used on the Devices page in the ThreatLocker Portal when using the "Quick Action" dropdown, the dropdown next to a computer's group name that shows the Maintenance Mode the computer is currently in. This API will update the Maintenance Mode on an individual computer. When enabling Installation or Learning mode from this API, be sure to use applicationIds that are accessible from the organization where the computer exists. For example, a child organization cannot use another child organization's application as it will be inaccessible.
- Required Body/Parameters
- Valid APIKey/Authorization Token in header
- Fields
- applicationId: This field is used when enabling either the Installation or Learning Maintenance Mode on a computer. With Installation, this field can be used to target an existing application only. With Learning mode, this field can be used to either target an existing application or it can use an automatic method, either automatic computer, group, or system Learning. Automatic computer Learning ("autocomp") will automatically create applications and apply new policies at the computer level. Automatic group Learning (“autogroup”) will automatically create applications and apply new policies at the group level. Automatic system Learning ("autosystem") will only automatically learn drivers and miscellaneous Windows files, applying only to the individual system. If not using one of these Maintenance Modes, it is ok to leave this field as "". This field expects one of the following entries when using Installation or Learning mode:
- <GUID> in format "00000000-0000-0000-0000-000000000000"
- autocomp
- autogroup
- autosystem
- computerId: This field is used to determine which computer will have the Maintenance Mode enabled.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- organizationId: This field is used to specify the organization where the computer that will have the Maintenance Mode enabled exists.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- maintenanceTypeId: This field specifies the Maintenance Mode that will be enabled on the computer. Listed below are the Integer ids that are expected to be entered to have the corresponding Maintenance Mode enabled.
- Application Control Monitor Only = 1
- Application Control Installation = 2
- Application Control Learning = 3
- Secured = 8
- Network Control Monitor Only = 17
- Storage Control Monitor Only = 18
- maintenanceEndDate: This field specifies when the Maintenance Mode will end on a computer. This expects a time entered in UTC in format "YYYY-MM-DDTHH:MM:SSZ", where YYYY is the year, the first MM is the month, DD is the day, HH are the hours, the second MM are the minutes, and SS are the seconds. The T must be included to designate the time and should not be changed or removed.
- Expects end date and time in format: "YYYY-MM-DDTHH:MM:SSZ"
- startDateTime: This field specifies when the Maintenance Mode will start on a computer. This expects a time entered in UTC in format "YYYY-MM-DDTHH:MM:SSZ", where YYYY is the year, the first MM is the month, DD is the day, HH are the hours, the second MM are the minutes, and SS are the seconds. The T must be included to designate the time and should not be changed or removed.
- Expects start date and time in format: "YYYY-MM-DDTHH:MM:SSZ"
Required body:
{
"applicationId": "<String>",
"computerDetailDto": {
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000",
"maintenanceTypeId": <Integer>,
"maintenanceEndDate": "YYYY-MM-DDTHH:MM:SSZ",
"startDateTime": "YYYY-MM-DDTHH:MM:SSZ"
}
}
- Optional Body/Parameters
- N/A
- Permissions Needed for User
- Edit Computers
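The field rules above can be enforced before a request is ever sent. The following is an added example, not ThreatLocker's code: it builds the ComputerUpdateMaintenanceMode body and rejects combinations the field list rules out. The function names, the 8-hour cap on the maintenance window, and the rejection of a non-empty applicationId outside Installation/Learning are assumptions of this example, not API behavior.

```python
import re
from datetime import timedelta, timezone

# Allowed values copied from the field list above.
MAINTENANCE_TYPES = {1, 2, 3, 8, 17, 18}
INSTALLATION, LEARNING = 2, 3
AUTO_LEARNING = {"autocomp", "autogroup", "autosystem"}
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
MAX_WINDOW = timedelta(hours=8)  # assumption: local policy cap, not an API limit


def is_guid(value):
    return isinstance(value, str) and GUID_RE.fullmatch(value) is not None


def build_maintenance_body(computer_id, organization_id, maintenance_type_id,
                           start, end, application_id=""):
    """Return a validated ComputerUpdateMaintenanceMode body or raise ValueError."""
    for name, value in (("computerId", computer_id),
                        ("organizationId", organization_id)):
        if not is_guid(value):
            raise ValueError(f"{name} is not a GUID: {value!r}")
    if maintenance_type_id not in MAINTENANCE_TYPES:
        raise ValueError(f"unknown maintenanceTypeId: {maintenance_type_id!r}")

    # Installation may only target an existing application; Learning may also
    # use one of the automatic methods.
    if maintenance_type_id == INSTALLATION and not is_guid(application_id):
        raise ValueError("Installation mode needs an application GUID")
    if maintenance_type_id == LEARNING and not (
            is_guid(application_id) or application_id in AUTO_LEARNING):
        raise ValueError("Learning mode needs an application GUID or auto* value")
    if maintenance_type_id not in (INSTALLATION, LEARNING) and application_id != "":
        # Stricter than the page, which only says "" is acceptable here.
        raise ValueError('applicationId must be "" for this mode')

    # Naive datetimes are rejected so local time is never sent with a "Z" suffix.
    if start.tzinfo is None or end.tzinfo is None:
        raise ValueError("start and end must be timezone-aware")
    start, end = start.astimezone(timezone.utc), end.astimezone(timezone.utc)
    if not timedelta(0) < end - start <= MAX_WINDOW:
        raise ValueError("end must be after start and within MAX_WINDOW")

    return {
        "applicationId": application_id,
        "computerDetailDto": {
            "computerId": computer_id,
            "organizationId": organization_id,
            "maintenanceTypeId": maintenance_type_id,
            "maintenanceEndDate": end.strftime(TS_FORMAT),
            "startDateTime": start.strftime(TS_FORMAT),
        },
    }
```

Serialize the returned dictionary with json.dumps and send it as the POST body with the Authorization header described above.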
ComputerUpdateThreatlockerVersionByIds
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerUpdateThreatlockerVersionByIds
- Method: POST
- Description: This API is called from the Devices page in the ThreatLocker Portal when you either select the checkbox next to one or more computers whose ThreatLocker Version you want to change/update and click the "Upgrade Version" button, or click the ThreatLocker Version number of an individual computer in the "TL Version" column, then select which version of ThreatLocker to upgrade/downgrade to (or select "Inherit From Group") and click "Change Version". This API will upgrade/downgrade the ThreatLocker Version on the selected computer(s) depending on the fields below.
- Required Body/Parameters
- Valid APIKey/Authorization Token in header
- Fields
- threatLockerVersion: This field is only used when changing the ThreatLocker Version on a computer(s) to "Inherit From Group". It is important that there is no value in the threatLockerVersionId field as any id supplied in that field will overwrite this one.
- Expects: The text "Inherit From Group"
- threatLockerVersionId: This field is used to specify the version of ThreatLocker that the computer(s) will upgrade/downgrade to. To get the ThreatLockerVersionId you would like to use, utilize the ThreatLockerVersionGetForDropdownList API to get all the versions available to be upgraded or downgraded to. Utilize the “label” field to identify which version you would like to upgrade/downgrade to and copy/save the “value” field as this is the id to be supplied in this field.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- computerId: This field is used to determine which computer will have the ThreatLocker Version upgraded/downgraded.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- organizationId: This field is used to specify the organization where the computer that will have the ThreatLocker Version upgraded/downgraded exists.
- Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
- osType: This field is used to specify the osType of the computer being upgraded/downgraded and expects one of the following Integer values to be entered that correspond to the computer:
- Windows = 1
- MAC = 2
- Linux = 3
- Windows XP = 5
- Required body:
- The body below, when filled in with corresponding values for each field, will upgrade/downgrade the ThreatLocker Version on two computers. It is important to fill out all the fields for each computer you would like to upgrade/downgrade the ThreatLocker Version on.
{
"threatLockerVersion": "<String>",
"threatLockerVersionId": "00000000-0000-0000-0000-000000000000",
"computerDetailDtos": [
{
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000",
"osType": <Integer>
},
{
"computerId": "00000000-0000-0000-0000-000000000000",
"organizationId": "00000000-0000-0000-0000-000000000000",
"osType": <Integer>
}
]
}
- Optional Body/Parameters
- N/A
- Permissions Needed for User
- Edit Computers
ComputerGetForNewComputer
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerGetForNewComputer
- Method: GET
- Description: This API is used on the Devices page in the ThreatLocker Portal when clicking the "Install Computer" button in the top left corner. This API will get the computer group/installation information that will allow you to install ThreatLocker onto a new computer. When looking to use this API, be sure that the APIKey/Authorization token (currently authenticated user) has accepted the EULA. If the user currently being utilized through the API has not accepted the EULA, no computer groups/information will be returned. If looking to view the installation information for a different organization than the currently logged in/managed organization, utilize the managedOrganizationId header as described below. This call will return the computer groups available to install into for the current organization. The fields returned by this API are described below.
- label: This field is the name of the computer group.
- value: This field contains the install key for the organization.
- numericValue: This field is used to indicate the OSType of the computer group. OSTypes are listed below:
- Windows = 1
- MAC = 2
- Linux = 3
- Windows XP = 5
- disabled: This field indicates whether the computer group can be used/installed into.
- apiKey: This field is used to display the organization’s unique identifier, which can be used for installing ThreatLocker through your RMM environment.
- It is important to note that when installing ThreatLocker through an RMM environment, it is typically best to utilize the Unique Identifier from your organization, typically the parent organization. When using the parent’s Unique Identifier, the script will identify if a new organization needs to be created for the computers being installed and install into the corresponding organization and computer groups. It is possible to create the organization to install into ahead of time and use that child organization Unique Identifier to install directly into the child organization. However, be sure to make the organization identifier identical to what appears in the Portal in your RMM. Otherwise, a new organization will be created under your child, effectively making a “grandchild” organization from the parent organization. Be sure to look into our KB articles at the link below and/or reach out to our ThreatLocker Support Team for assistance with deployment.
- Required Body/Parameters
- Valid APIKey/Authorization Token in header
- Optional Body/Parameters
- In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
- Permissions Needed for User
- Edit Computers
- View Computers
- Install Computers
ComputerGetDownload
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerGetDownload
- Method: POST
- Description: This API is used on the Devices page in the ThreatLocker Portal when clicking "Install Computer" in the top left corner, selecting the "Manual Deployment" option, selecting a computer group from the dropdown menu, and then clicking on the button corresponding to the installer that you would like to use/download, at which point this API is called. This API will get the download for ThreatLocker using the fields in the body below. If looking to get the installer for a different organization than the currently logged in/managed organization, utilize the managedOrganizationId header as described below. The response is returned as base64, which we decode with the atob function and turn into a blob. From there, we send it to the browser for download.
- Required Body/Parameters
- Valid APIKey/Authorization Token in header
- Fields
- platform: This field determines the architecture of the computer that this call will return the install file for. For MAC and Linux installers, leave this field as "". For Windows XP Installers, use either X86 or "". Otherwise, this field expects one of the options below to be entered:
- x64
- x86
- brand: This field always expects the text "Threatlocker" to be entered.
- apiKey: This field is used to specify the install key from the selected computer group you want to install into.
- Expects: Text of the install key
- fileType: This field is used to specify the file type that will be returned. Be sure to use the name in between the "" from the options below and be sure the fileType typed into your body matches exactly to one of the options below. For instance, if looking to get the Stub Installer, use "stub" in this field. Listed below are the options that this field expects:
- Stub Installer = "stub"
- MSI Installer = "windows"
- PowerShell Script = "pssscript"
- PKG File = "mac"
- Debian = "debian"
- Redhat = "redhat"
- Windows XP = "windowsxp"
- Remediator Service Installer = "remediation"
- Required body:
{
"platform": "<String>",
"brand": "ThreatLocker",
"apiKey": "<String>",
"fileType": "<String>"
}
- Optional Body/Parameters
- N/A
- Permissions Needed for User
- Edit Computers
- Install Computers
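One way to handle the base64 response described above before an installer is handed to a deployment tool, as an added example that is not ThreatLocker's code: it decodes strictly, checks that the leading bytes match the requested fileType, and returns a SHA-256 for the deployment record. It assumes the base64 text has already been extracted from the HTTP response; the function name and the mapping from fileType values to file formats are assumptions of this example.

```python
import base64
import binascii
import hashlib

# Leading bytes of each container format. The pairing of the page's fileType
# values with these formats is an assumption of this example; fileType values
# not listed here (e.g. the PowerShell script) get no format check.
MAGIC = {
    "stub": b"MZ",                                 # Windows PE executable
    "windows": bytes.fromhex("d0cf11e0a1b11ae1"),  # MSI (OLE compound file)
    "mac": b"xar!",                                # macOS flat .pkg (xar archive)
    "debian": b"!<arch>\n",                        # .deb (ar archive)
    "redhat": bytes.fromhex("edabeedb"),           # .rpm lead
}


def decode_installer(b64_text, file_type):
    """Decode a base64 download and return (payload_bytes, sha256_hex).

    Raises ValueError when the text is not base64 (for example an error page
    returned instead of a file) or the payload does not look like file_type.
    """
    try:
        # validate=True rejects characters outside the base64 alphabet instead
        # of silently discarding them.
        payload = base64.b64decode(b64_text.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"response is not valid base64: {exc}") from exc
    if not payload:
        raise ValueError("response decoded to an empty file")

    magic = MAGIC.get(file_type)
    if magic is not None and not payload.startswith(magic):
        raise ValueError(
            f"payload does not start with the {file_type!r} signature; "
            f"got {payload[:8].hex()}")
    return payload, hashlib.sha256(payload).hexdigest()
```

Write the returned bytes to disk only after the call succeeds, and store the digest alongside the file so later copies can be compared against it.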
ComputerSignedScriptDownload
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerSignedScriptDownload
- Method: GET
- Description: This API is used on the Devices page in the ThreatLocker Portal when selecting from the "Computer Options" hamburger dropdown next to "Install Computer", clicking the "Get Logon Script" button, and then clicking the "Signed Version" button that will call this API to download the signed version of the ThreatLockerVerifier (ThreatLockerVerifier.exe). This file is used for checking if ThreatLocker is installed on computers in an RMM/GPO environment. If any computers without ThreatLocker are found, their information is uploaded to the ThreatLocker Portal under the "Not Installed" tab on the Devices page. Use this in association with the logon batch script that can be located/downloaded either through the ThreatLocker Portal or by using the ComputerSamplePathDownload API below. The response is returned as base64, which we decode with the atob function and turn into a blob. From there, we send it to the browser for download.
- Required Body/Parameters
- Valid APIKey/Authorization Token in header
- brand: This field always expects the text "Threatlocker" to be entered.
- Optional Body/Parameters
- N/A
- Permissions Needed for User
- Edit Computers
- Install Computers
ComputerSamplePathDownload
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerSamplePathDownload
- Method: GET
- Description: This API is used on the Devices page in the ThreatLocker Portal when selecting from the "Computer Options" hamburger dropdown next to "Install Computer", clicking the "Get Logon Script" button, and then clicking the "Sample Batch" button that will call this API to download the batch script (sample.bat). This script can call either version of the ThreatLockerVerifier, which is used for checking if ThreatLocker is installed on computers in an RMM/GPO environment. If any computers without ThreatLocker are found, their information is uploaded to the ThreatLocker Portal under the "Not Installed" tab on the Devices page. Be sure the file paths used inside the script will be able to find and execute the ThreatLockerVerifier file to successfully check if ThreatLocker is installed on the computer(s). The response is returned as base64, which we decode with the atob function and turn into a blob. From there, we send it to the browser for download.
- Required Body/Parameters
- Valid APIKey/Authorization Token in header
- brand: This field always expects the text "Threatlocker" to be entered.
- authKey: This field expects the authKey from the organization to be entered. Each organization has a different authKey value. This value can be found by using the OrganizationGetAuthKeyById API located within the KB article below:
/portalAPI/Organization/* | ThreatLocker Help Center
- Optional Body/Parameters
- N/A
- Permissions Needed for User
- Edit Computers
- Install Computers
ComputerUnSignedScriptDownload
https://portalapi.INSTANCE.threatlocker.com/portalapi/Computer/ComputerUnSignedScriptDownload
- Method: GET
- Description: This API is used on the Devices page in the ThreatLocker Portal when selecting from the "Computer Options" hamburger dropdown next to "Install Computer", clicking the "Get Logon Script" button, and then clicking the "Unsigned Version" button that will call this API to download the unsigned version of the ThreatLockerVerifier (ThreatLockerVerifier-Unsigned.exe). This file is used for checking if ThreatLocker is installed on computers in an RMM/GPO environment. If any computers without ThreatLocker are found, their information is uploaded to the ThreatLocker Portal under the "Not Installed" tab on the Devices page. Use this in association with the logon batch script that can be located/downloaded either through the ThreatLocker Portal or by using the ComputerSamplePathDownload API above. This version is smaller than the signed version. The response is returned as base64, which we decode with the atob function and turn into a blob. From there, we send it to the browser for download.
- Required Body/Parameters
- Valid APIKey/Authorization Token in header
- brand: This field always expects the text "Threatlocker" to be entered.
- Optional Body/Parameters
- N/A
- Permissions Needed for User
- Edit Computers
- Install Computers