Services

The Control-M Automation API allows you to automate and work interactively with Control-M. Services are groups of API commands available via either a CLI (Command Line Interface) or as REST API commands. With these services, you can build job definitions to test whether they are valid, test-run a job to debug job definitions, combine multiple definition files into a package, deploy job definitions and packages to Control-M, provision an Agent, manage environments, and more.

This page will help you get started working with the Control-M Automation API services. The following pages describe each of the services provided in Control-M Automation API:

Build Service: Compiles definitions of jobs, folders, or calendars and verifies their validity.
Deploy Service: Transfers definitions of folders, jobs, or other objects, as well as configuration definitions, to Control-M.
Run Service: Runs jobs and tracks their status, and manages other types of objects used by jobs.
Package Service: Creates a package from a directory of definition files.
Config Service: Manages configuration definitions in your Control-M environment.
Provision Service: Installs and registers Control-M Agents, plug-ins, or Control-M/Servers.
Reporting Service: Generates reports and obtains information about reports set up through Control-M Reports.
Archive Service: Searches through job data archived by Control-M Workload Archiving and obtains job outputs and job logs.
Environment Service: Manages Control-M environments that Control-M Automation API communicates with.
Session Service: Manages API login sessions based on session tokens.
Authentication Service: Manages authentication tokens for running API commands.
Usage Service: Obtains job usage statistics to help you adhere to license constraints.

Using the CLI

The CLI allows you to work interactively or write scripts for automation. To access the CLI, open a terminal or command window and type ctm. The first-level help appears, verifying that the CLI is properly installed.

See Automation API Installation.

Copy

>ctm
help:
help:    Display help for a given command
help:      help [command]
help:
help:    Commands:
help:      archive          Control-M Workload Archiving operations
help:      build            Compile definitions to verify they are valid for Control-M
help:      config           Configure the Control-M environment
help:      deploy           Submit definitions to Control-M
help:      documentation    Get documentation
help:      environment      Define and select the Control-M environment
help:      package          Package a directory of definition files into a deployable archive
help:      provision        Install Control-M components
help:      reporting        Generate Control-M reports
help:      run              Run and track Control-M jobs
help:      session          Manually maintain Control-M user sessions
help:
help:    Options:
help:      -h, --help     output usage information
help:      -v, --version  output the application version

Getting Help

The CLI has built-in help.

The following table provides instructions on how to obtain help at the various levels of the API functions.

Level of Help	CLI Command
Main Help Page for All Services	One of the following: `ctm` (with no further parameters) `ctm -h`
Specific Service	One of the following: `ctm <ServiceName>` `ctm <ServiceName> -h`
Specific Command	`ctm <ServiceName> <CommandName> -h`
CLI Version Display	`ctm -v`

Managing CLI Environments

The first task when starting to work with Control-M Automation API is to configure the Control-M environment that you are going to use. An environment is a combination of a REST API endpoint and API token, or a combination of an endpoint, username, and password. More than one environment can be configured. You can also configure one environment as the default.

An endpoint has the following format:

Copy

https://<controlmEndPointHost>:8443/automation-api

The following command adds an environment named devEnvironment In this command, you include a valid token, as described in Authentication Service.

Copy

ctm environment add devEnvironment "https://<controlmEndPointHost>:8443/automation-api" "<token>"

In the following alternative example for creation of the same environment, username and password are specified (instead of an API token).

Copy

> ctm environment add devEnvironment "https://<controlmEndPointHost>:8443/automation-api" "<ControlmUser>" "<ControlmPassword>"
                 
info:    Environment 'devEnvironment' was created
info:    devEnvironment:
{"endPoint":"https://<controlmEndPointHost>:8443/automation-api","user":"<ControlmUser>"}

Environments are kept in the user home folder ~/.ctm/env.json on Linux and %USERPROFILE%\.ctm\env.json in Windows.

Once configured, you can set a default environment for interactive work as follows:

Copy

ctm environment set devEnvironment
ctm  build  jobs.json
ctm  run    jobs.json
ctm  deploy jobs.json

To automate multiple Control-M environments, you can specify a specific environment, regardless of the default, using the -e option.

Copy

ctm  deploy jobs.json -e TestEnvironment
ctm  deploy jobs.json -e QAEnvironment

Short-Naming of Commands

You do not have to type an entire command, as long as it is unique. Entering a short version will execute the command.

Copy

ctm  environment show
ctm  env         show
ctm  env         sh

CLI Return Codes

The CLI returns the following codes:

0: On success.
1: On failure.

The following example runs a Linux bash script that checks for failed deployments based on return codes.

Copy

#!/bin/bash
if ! ctm deploy jobs.json; then
printf '%s\n' 'ctm: failed!' >&2;
fi

Working with the REST API

The REST API allows you to programmatically automate Control-M via REST API requests. Request URIs are composed of a Control-M endpoint and the API command. All requests must include an authentication token in the HTTPS header, as described in Authentication Tokens.

Control-M Automation API comes with a self-signed SSL certificate. With all curl commands, you can add -k to not reject the certificate.

Control-M Automation REST API Reference

For the full REST API reference generated with Swagger, see REST API reference. This REST API reference is for the newest version of Control-M Automation API, which is backward-compatible with a wide range of versions of Control-M/Enterprise Manager. In addition, you can access a local Swagger reference on your server using the following URL:
https://<endpoint:8443>/automation-api

Getting REST Specifications as YAML

The REST API server can generate a YAML file that contains swagger.io specifications of the REST APIs. The URL for the YAML specifications is <Automation_API_endpoint>/yaml.

For more information about how you can use this feature to generate a REST client, see Tutorial 103 in the tutorial samples provided through GitHub.

Authentication Tokens

You must include an authentication token in the HTTPS header of any API request that you submit. To obtain a token, you can choose between the following methods:

Create an API token for which you specify the expiration date, using the authentication token::create API call. You can also create your first API token through the Control-M user interface. This token type requires Control-M/Enterprise Manager version 9.0.21. Expiration is based on the UTC time zone.
Create a session token that is valid for 30 minutes, using the session login API call.

Session tokens were the only type of token available in previous versions of Control-M Automation API. As of version 9.0.21, BMC recommends using API tokens. As soon as you create the new type of API token, you no longer need to create Session tokens.

Any additional API calls require the inclusion of the token in the HTTPS header.

To specify an API token, use x-api-key: <token>. For example:

Copy

x-api-key: E14A4F8E45406977B31A1B091E5E04237D81C91B47AA1CE0F3FFAE252AEFE63ADE182E5702F5A9131A2DA0A8E8AE76D7C3CCBA0B7

To specify a session token, use Authorization: Bearer <token>. For example:

Copy

Authorization: Bearer E14A4F8E45406977B31A1B091E5E04237D81C91B47AA1CE0F3FFAE252AEFE63ADE182E5702F5A9131A2DA0A8E8AE76D7C3CCBA0B7

REST STATUS Codes

On success, REST returns status 200.

On failure, REST returns the following HTTPS status codes:

400: There are errors in the request data.
403: A user is not authorized to perform a specific action or use a specific resource.
404: The defined item cannot be found.
405: An unrecognized REST method has been submitted.
500: There is an internal error in the server.
503: Service unavailable, soon after a server restart.

Return code 403 is gradually replacing return code 500 in the relevant scenarios.

JSON Returned on Error

In case of error, the returned JSON contains an array of errors in the following format:

Copy

{
message: string, // The text of the error
id: number, // An internal identifier of the error (e.g. rule number in case of validation error)
item: string, // The item referenced in the error (if relevant)
file: string, // Error location file
line: number, // Error location line number
col: number // Error location column number
}

For example, an error response to /build API:

Copy

{
    "errors": [
        {
            "message": "MainArguments is an unknown keyword therefore it is assumed to be a an object, but it has no object syntax",
            "file": "Spark.json",
            "line": 5,
            "col": 22
        },
        {
            "message": "SparkCommandLineOptions is an unknown keyword therefore it is assumed to be a an object, but it has no object syntax",
            "file": "Spark.json",
            "line": 9,
            "col": 32
        }
    ]
}

REST Verbs

The following verbs are used:

GET Resource

The following example shows how to GET specific resource data using bash and curl:

Copy

# Get list of servers
curl -H "x-api-key: $token" "$endpoint/config/servers"
                 
#Get list of hostgroups of a specific $
server=controlm
curl -H "x-api-key: $token" "$endpoint/config/server/$server/hostgroups"

The following example shows how to GET specific resource data using Python:

Copy

import requests  # pip install requests if you don't have it already
import urllib3
 
urllib3.disable_warnings() # disable warnings when creating unverified requests
 
endPoint = 'https://<controlmEndPointHost>:8443/automation-api'
r = requests.get(endPoint + '/config/servers', headers={'x-api-key': token}, verify=False)
 
print(r.content)
print(r.status_code)
exit(r.status_code == requests.codes.ok)

POST a New Resource

The following example shows how to POST new resource data:

Copy

# Adding a new agent to a hostgroup
                 
server=controlm
hostgroup=HostGroup1
agent=myhost2
                 
curl -H "x-api-key: $token" -H "Content-Type: application/json" -X POST -d '{"host":"$agent"}'  $endpoint/config/server/$server/hostgroup/$hostgroup/agent"

POST to Upload a File

The following example shows how to POST a new file of data in bash and curl.

Copy

# deploy job definition file
                 
curl -H "x-api-key: $token" -X POST  -F "definitionsFile=@examples/AutomationAPISampleFlow.json" "$endpoint/deploy"

The following example shows how to POST a new file of data with Python:

Copy

import requests  # pip install requests if you don't have it already
import urllib3
 
urllib3.disable_warnings() # disable warnings when creating unverified requests
 
endPoint = 'https://<controlmEndPointHost>:8443/automation-api'
 
user = '<ControlMUser>'
passwd = '<ControlMPassword>'
 
# -----------------
# login
r_login = requests.post(endPoint + '/session/login', json={"username": user, "password": passwd}, verify=False)
print(r_login.content)
print(r_login.status_code)
if r_login.status_code != requests.codes.ok:
exit(1)
 
token = r_login.json()['token']
 
# -----------------
# Built
uploaded_files = [
('definitionsFile', ('Jobs.json', open('c:\\src\ctmdk\Jobs.json', 'rb'), 'application/json'))
]
 
r = requests.post(endPoint + '/deploy', files=uploaded_files, headers={'x-api-key': token}, verify=False)
 
print(r.content)
print(r.status_code)
 
exit(r.status_code == requests.codes.ok)

PUT to Update a Resource

The following example shows how to use a PUT verb to perform a manual failover on a Control-M/Server:

Copy

#updating a server with a manual failover
                 
server=controlm
curl -H "x-api-key: $token" -X PUT "$endpoint/config/server/$server/failover"

DELETE a Resource

The following example shows how to DELETE a resource:

Copy

#deleting an agent from a hostgroup
                 
server=controlm
hostgroup=HostGroup1
agent=myhost1
                 
curl -H "x-api-key: $token" -X DELETE "$endpoint/config/server/$server/hostgroup/$hostgroup/agent/$agent"

Difference between REST API and CLI Syntax

The CLI and API can execute the same commands, but they use different syntax to represent the commands. The REST APIs are expressed in path notation, while the CLI commands are structured differently. The following examples illustrate the differences.

Below is an example of getting a list of host groups from a Control-M/Server. The name of the Control-M/Server is a parameter that is part of the resource URL of the REST API call.
Copy
```
GET /config/server/{server}/hostgroups
```
Below is the equivalent CLI command where the resource path is separated using the : (colon) character as in server:hostgroups, the get action is separated using :: (two colons), and parameters are defined after the action.
Copy
```
>ctm config server:hostgroups::get <server>
```

Annotation Input

When you run certain API commands, you must include a free-text annotation within the command to justify your action. This requirement depends on whether annotation was enabled for the specific category of actions through the system parameters in Control-M, as described in Defining Audit and Annotation parameters.

The following table describes how to provide annotation input in API commands.

Method	Description
CLI Command	Include the `-a` option and provide values for a pair of fields, `subject` and `description`. Copy `ctm run workloadpolicy::activate WP1 -a "subject=Workload update&description=Activating WP1"`
REST API Command	Use the `-H` option to include a pair of custom headers, `Annotation-Subject` and `Annotation-Description`. Copy `curl -H "x-api-key: %token%" -H "Content-Type: application/json" -H "Annotation-Subject: Workload update" -H "Annotation-Description: Activating WP1" -X POST "%endpoint%/run/workloadpolicy/WP1/activate"`

Method

Description

CLI Command

Include the -a option and provide values for a pair of fields, subject and description.

Copy

ctm run workloadpolicy::activate WP1 
-a "subject=Workload update&description=Activating WP1"

REST API Command

Use the -H option to include a pair of custom headers, Annotation-Subject and Annotation-Description.

Copy

curl -H "x-api-key: %token%" -H "Content-Type: application/json"
-H "Annotation-Subject: Workload update" -H "Annotation-Description: Activating WP1"
-X POST "%endpoint%/run/workloadpolicy/WP1/activate"

Checking REST API Server Status

To get Automation API server status, you can use the following URL:
<Automation_API_endpoint>/status

Status information includes details of server uptime along with defined server properties, as in the following sample response:

Copy

automation-api server (emrestsrv) is up and running for 7 days and 6 hours (since Mon Jul 22 12:51:31 UTC 2022)
                 
Server properties:
port=32081
config.port=32082
workbench=false

Obtaining Automation API License Information

To get Automation API license information, you can use the following URL:
<Automation_API_endpoint>/license