This documentation supports the 11.3 version of BMC Discovery.

To view an earlier version of the product, select the version from the Product version menu.


The XML API enables users to interrogate the datastore using a script or program, and receive data back as a stream of XML, an empty string, or a return code. 


Additional permissions are required for XML and CSV APIs. The permission required to access the CSV and XML API has changed. You need to grant the new API access permission (api-access group), or update group permissions to include the api/access permission for users who require access to the CSV and XML web APIs. Existing integrations will fail if you do not add the permission.

We recommend the use of REST API for new integrations as it provides more control when retrieving data, and provides a range of additional features across its endpoints.


The XML API is intended to be used by a script or program. It can also be accessed using a browser, or using the wget command, though these would generally be used for testing. The following section describes the parameters required and values returned when using the XML API. The query is specified as a URL of the form:


If you are using an appliance with HTTPS redirection enabled, you must use an HTTPS URL in your scripts. The redirection script changes the HTTP request and the script will not work. To enable or disable HTTPS redirection, see Configuring HTTPS settings. The URL is entered on a single line. In these examples, appliance is the resolvable hostname or IP address of the appliance, search_string is a query string as recognized by the datastore, username and password are the user name and password of the BMC Discovery user.

Security considerations

During a typical HTTP request to the XML API, the username and password is visible in plain text and can be recovered in order to gain unauthorized access to the BMC Discovery user interface.
We recommend that you always use HTTPS access so that the username and password are not in plain text. Always use a dedicated, read-only account for queries, and never use a high level account such as 'system'.

HTML URL Encoding

When constructing a URL string, care must be taken to properly encode characters that are not allowed in a URL, for example spaces:
A reference of encodings can be found here.

Was this page helpful? Yes No Submitting... Thank you