The CSV API enables users to interrogate the datastore using a script or program, and receive data back as a stream of CSV (comma separated values) text, an empty string, or a return code.
The CSV API is intended to be used by a script or program. It can also be accessed using a browser, or using the wget command, though these would generally be used for testing. When using a URL you should ensure that the the entire URL is properly encoded. For example, special characters in the password might require encoding. The following section describes the parameters required and values returned when using the CSV API. The query is specified as a URL of the form:
If you are using an appliance with https redirection enabled, you must use an https URL in your scripts. The redirection script changes the http request and the script will not work. To enable or disable https redirection, see Configuring HTTPS settings.
The URL is entered on a single line. In these examples,
appliance is the resolvable hostname or IP address of the appliance,
search_string is a query string as recognized by the data store,
password are the user name and password of the BMC Atrium Discovery user.
During a typical HTTP request to the CSV API, the username and password is visible in plain text and can be recovered in order to gain unauthorised access to the BMC Atrium Discovery user interface.
To mitigate this, follow two security best practices:
- Always use a dedicated, read-only account for queries, and never use a high level account such as 'system'.
- Always use https access so that the username and password are not in plain text.
HTML URL Encoding
When constructing a URL string, care must be taken to properly encode characters that are not allowed in a URL, for example spaces: https://appliance/ui/api/CsvApi?query=Search%20Host%20show%20name&username=username&password=password
A reference of encodings can be found here