/portalAPI/OverrideCodes/*

8 min. readlast update: 07.13.2026

This article will encompass all portalAPI calls that are related to /portalAPI/OverrideCodes/* endpoints

 

Be sure to input the instance your organization exists on for each call. This is indicated with the "INSTANCE" text in each endpoint. Linked here is a KB to find your instance:

Locating Your Organization's Instance | ThreatLocker Help Center

 

Please note that Managed Override Codes can be created, but can only be used on endpoints running Windows Agent 11.0+ or Mac Agent 11.1+. Default Override Codes are supported on all agent versions and can be retrieved by using the OverrideCodesGetByParameters API below. Linked below is a KB to find more information about Override Code Management.

Override Code Management | ThreatLocker Help Center

 

Table of Contents

OverrideCodesGetByParameters

OverrideCodeInsert

OverrideCodeRevoke

 

OverrideCodesGetByParameters

https://portalapi.INSTANCE.threatlocker.com/portalapi/OverrideCodes/OverrideCodesGetByParameters

  • Method: POST
  • Description: This API is used when navigating to the Assets icon and selecting the Computers page from the popout menu in the ThreatLocker Portal, locating and selecting from the "Computer Options" hamburger dropdown next to "Update Agent Version", and selecting the "Override Code Management" button. This API returns a list of Override Code information depending on the parameters/fields used. To view Override Code information for computers in a different organization than the currently logged-in/managed organization, use the managedOrganizationId header as described below.
  • Required Body/Parameters
    • Valid APIKey/Authorization Token in header
    • Fields
      • appliesToId: This field expects the organizationId of the organization from which the Override Code information will be returned.
        • Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
      • pageNumber and pageSize: These fields determine how many Overide Code entries will be returned, as if the response were on the Override Code Management page. However, these fields do not follow the same conventions for pageNumber and pageSize as the Portal does (the Portal uses 25, 50, 100, or 500 for pageSize). Any valid integer can be entered, and it will be returned in the selected format. For instance, if there are 5 Override Code entries to be returned, but “pageNumber”: 1 and “pageSize”: 2, 2 entries will be returned per page, and the first two Override Code entries will be returned.
        • Expects: An Integer value
Required body
{
    "appliesToId": "00000000-0000-0000-0000-000000000000",
    "pageNumber": <Integer>,
    "pageSize": <Integer>
}
  • Optional Body/Parameters
    • In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
    • Fields
      • includeChildOrganizations: This field determines whether Override Code information from computers in child organizations will be returned. When this field is omitted or set to false, only the Override Code information from the computers in the currently managed organization will be returned. When set to true, Override Code information for all computers across all child organizations will be returned.
        • Expects: true or false
      • searchText: This field allows you to search/narrow the Override Code information returned by inputting any text/details you want to search for. When this field is omitted, all Override Code information will be returned based on the other search fields. When text is entered into this field, it searches results based on where the Override Code Applies To, case-insensitively, effectively using wildcards on either side of the entered text. For example, entering "erv" returns any Override Code where the Applies To object contains the text "erv".
        • Expects: Any text input
      • showOnlyCustomerCodes: This field determines whether only Override Codes created/managed by a ThreatLocker administrator will be returned. When this field is omitted or set to false, all Override Code information will be returned based on the other search fields. When this field is true, only Override Code information from the computers with an Override Code created/managed by a ThreatLocker administrator will be returned.
        • Expects: true or false
Optional body
{
    "appliesToId": "00000000-0000-0000-0000-000000000000",
    "includeChildOrganizations": <Boolean>,
    "pageNumber": <Integer>,
    "pageSize": <Integer>,
    "searchText": "<String>",
    "showOnlyCustomerCodes": <Boolean>
}
  • Permission Requirements
    • Assign any one of the following permissions:
      • Manage Override Codes
      • View Override Codes

 

OverrideCodeInsert

https://portalapi.INSTANCE.threatlocker.com/portalapi/OverrideCodes/OverrideCodeInsert

  • Method: POST
  • Description: This API is used when navigating to the Assets icon and selecting the Computers page from the popout menu in the ThreatLocker Portal, locating and selecting from the "Computer Options" hamburger dropdown next to "Update Agent Version", selecting the "Override Code Management" button, selecting the "+ New Override Code" button, entering new Managed Override Code details, and selecting "Create". This API creates Managed Override Codes in your organization. To create a new Managed Override Code for computers in a different organization than the currently logged-in/managed organization, use the managedOrganizationId header as described below.

 

Note: Ensure the managedOrganizationId matches where the new Managed Override Code will be created. For example, when creating a new Managed Override Code for a computer in a child organization, ensure the managedOrganizationId header is used and set to the organizationId of the child organization where the computer exists.

 

  • Required Body/Parameters
    • Valid APIKey/Authorization Token in header
    • Fields
      • appliesToId: This field determines where the new Managed Override Code will be applied. This field corresponds to the "Applies To" section of the "New Override Code" window in the Portal. Any valid organizationIdcomputerGroupId, or computerId can be entered. For instance, if looking to apply the Override Code at the computer group level, enter the computerGroupId into this field. The ID entered into this field must correspond to the type specified in the appliesToType field below.
        • Expects a GUID in format: "00000000-0000-0000-0000-000000000000"
      • appliesToType: This field specifies the type of ID used in the appliesToId. This field expects the Integer value corresponding to the selected ID type and must correspond to the type of ID specified by the appliesToId field above.
        • Organization = 1
        • Computer Group = 2
        • Computer = 3
      • noTimeLimit: This field determines whether the new Managed Override Code will have no expiration. When this field is set to false or omitted, the usageLimitMinutes field must be used. When set to true, the Override Code will remain valid until the Override is manually ended on the computer. This field should not be used at the same time as the usageLimitMinutes field.
        • Expects: true or false
      • usageLimitMinutes: This field determines how many minutes the new Managed Override Code can be used on the computer after an Override starts. When this field is omitted, the Override Code expects the noTimeLimit field to be used and set to true. This field should not be used at the same time as the noTimeLimit field.
        • Expects: Any Integer value from 1 through 2,147,483,647
Required body
{
    "appliesToId": "00000000-0000-0000-0000-000000000000",
    "appliesToType": <Integer>,
    "noTimeLimit": <Boolean>,
    "usageLimitMinutes": <Integer>
}
  • Optional Body/Parameters
    • In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
  • Permission Requirements
    • Assign the following permission:
      • Manage Override Codes

 

OverrideCodeRevoke

https://portalapi.INSTANCE.threatlocker.com/portalapi/OverrideCodes/OverrideCodeRevoke

  • Method: POST
  • Description: This API is used when navigating to the Assets icon and selecting the Computers page from the popout menu in the ThreatLocker Portal, locating and selecting from the "Computer Options" hamburger dropdown next to "Update Agent Version", selecting the "Override Code Management" button, selecting the checkbox next to one or multiple Managed Override Codes, selecting the "Delete X Codes" button, and selecting the "Yes" button to delete the Managed Override Code(s). This API is also used when clicking the trash can icon next to a Managed Override Code and selecting the "Yes" button to delete one Managed Override Code. This API deletes (revokes) one or more Managed Override Codes in your organization. To delete/revoke Managed Override Codes for computers in a different organization than the currently logged-in/managed organization, use the managedOrganizationId header as described below.
  • Required Body/Parameters
    • Valid APIKey/Authorization Token in header
    • In the request body, this API expects one or multiple Integer values that correspond to the managedOverrideCodeId of an Override Code(s) to revoke. The managedOverrideCodeId value can be found by calling the OverrideCodesGetByParameters API.
      • Expects: One or multiple Integer values
Required body
[
    <Integer>,
    <Integer>,
    <Integer>
]
  • Optional Body/Parameters
    • In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
  • Permission Requirements
    • Assign the following permission: 
      • Manage Override Codes
Was this article helpful?