The XML API enables users to interrogate the datastore using a script or program, and receive data back as a stream of XML, an empty string, or a return code.
Additional permissions are required for XML and CSV APIs. or update group permissions to include the api/access permission
We recommend the use of REST API for new integrations as it provides more control when retrieving data, and provides a range of additional features across its endpoints.
The XML API is intended to be used by a script or program. It can also be accessed using a browser, or using the wget command, though these would generally be used for testing. The following section describes the parameters required and values returned when using the XML API. The query is specified as a URL of the form:
If you are using an appliance with HTTPS redirection enabled, you must use an HTTPS URL in your scripts. The redirection script changes the HTTP request and the script will not work. To enable or disable HTTPS redirection, see Configuring HTTPS settings. The URL is entered on a single line. In these examples,
appliance is the resolvable hostname or IP address of the appliance,
search_string is a query string as recognized by the datastore,
password are the user name and password of the BMC Discovery user.
During a typical HTTP request to the XML API, the username and password is visible in plain text and can be recovered in order to gain unauthorized access to the BMC Discovery user interface.
We recommend that you always use HTTPS access so that the username and password are not in plain text. Always use a dedicated, read-only account for queries, and never use a high level account such as 'system'.
HTML URL Encoding
When constructing a URL string, care must be taken to properly encode characters that are not allowed in a URL, for example spaces:
A reference of encodings can be found here.