The Control-M Automation API allows you to automate and work interactively with Control-M. Services are groups of API commands available via either a CLI (Command Line Interface) or as REST API commands. Using the services, you can build job definitions to test whether they are valid, test-run a job to debug job definitions , combine multiple definition files into a package, deploy job definitions and packages to Control-M, provision an agent, manage environments, and more.

The following sections on this page will help you get started working with the Control-M Automation API services:

The various services provided in Control-M Automation API are described in the following pages:

Using the CLI

The CLI allows you to work interactively or write scripts for automation. To access the CLI, open a terminal or command window and enter ctm. The first-level help is displayed, verifying that the CLI is properly installed. See Setting up the API.

help:    Display help for a given command
help:      help [command]
help:    Commands:
help:      archive          Control-M Workload Archiving operations
help:      authentication   Creates and manages authentication tokens in Control-M
help:      build            Compile definitions to verify they are valid for Control-M
help:      config           Configure the Control-M environment
help:      deploy           Submit definitions to Control-M
help:      documentation    Get documentation
help:      environment      Define and select the Control-M environment
help:      package          Package a directory of definition files into a deployable archive
help:      provision        Install Control-M components
help:      reporting        Generate Control-M reports
help:      run              Run and track Control-M jobs
help:    Options:
help:      -h, --help     output usage information
help:      -v, --version  output the application version

Getting Help

The CLI has built-in help. The following table provides instructions on obtaining the help at the various levels of the API functions.

Level of helpCLI command
Main Help page
for all services

One of the following:

ctm (with no further parameters)

ctm -h

Specific service

One of the following:

ctm <ServiceName>

ctm <ServiceName> -h

Specific commandctm <ServiceName> <CommandName> -h
CLI version displayctm -v

Managing CLI Environments

The first task when starting to work with Control-M Automation API is to configure the Control-M environment that you are going to use. An environment is a combination of a REST API endPoint and token. More than one environment can be configured. You can also configure one environment as the default.

An endPoint looks like the following: 


The Helix Control-M endpoint host has the following format:  <tenant-name>

The command below shows how to add an environment named myEnvironment:

ctm environment add myEnvironment "https://<controlmEndPointHost>/automation-api" "keyToken"

Environments are are kept in the user home folder ~/.ctm/env.json on Linux and %USERPROFILE%\.ctm\env.json in Windows. 

Once configured, you can set a default environment for interactive work as follows:

ctm environment set myEnvironment
ctm  build  jobs.json		
ctm  run    jobs.json
ctm  deploy jobs.json

To automate multiple Control-M environments, you can specify a specific environment, regardless of the default, using the -e option. 

ctm  deploy jobs.json -e TestEnvironment		
ctm  deploy jobs.json -e QAEnvironment

Short Naming of Commands

You do not have to type an entire command, as long as it is unique. Entering a short version will execute the command.

ctm  environment show		
ctm  env 		 show
ctm  env 	     sh

CLI Return Codes

The CLI returns the following codes:

  • 0 on success
  • 1 on failure

The following example runs a Linux bash script that checks for failed deployments based on return codes.

if ! ctm deploy jobs.json; then
     printf '%s\n' 'ctm: failed!' >&2;    

Back to top

Working with the REST API

The REST API allows you to programmatically automate Control-M via REST API requests. Request URIs are composed of a Control-M endPoint and the API command. All requests must include an authentication token in the HTTPS header. To obtain a token, you must use the /authentication/token request.

NOTE: Control-M Automation API comes with a self signed SSL certificate. With all curl commands, you can add -k to not reject the certificate.

Control-M Automation REST API Reference

For the full REST API reference generated with Swagger, go to the following URL: <Automation_API_endpoint>/automation-api

Getting REST specifications as YAML

The REST API server can generate a YAML file that contains specifications of the REST APIs. The URL for the YAML specifications is <Automation_API_endpoint>/yaml.

For more information about how you can use this feature to generate a REST client, see Tutorial 103 in the tutorial samples provided through GitHub.


To run API commands, you must have tokens for user authentication. You create your first API token through the Helix Control-M user interface.

After generating your first token, you can generate additional tokens for your user using a POST /authentication/token request. As the input, token definitions are submitted in a .json payload file.

On success, the request returns a token value, as well as several additional token properties.

    tokenName: "emuser1-token",
    tokenValue: "E14A4F8E45406977B31A1B091E5E04237D81C91B47AA1CE0F3FFAE252AEFE63ADE18231A2DA0A8E8AE76D7C3CCBA0B7",
    tokenType: "user",
    lastUpdatedDate: "2020-12-02 01:02:03",
    createdDate: "2020-12-02 01:02:03",
    roles: ["admin","user"]

All API calls require the HTTPS header 'x-api-key' + token.  For example:

x-api-key: E14A4F8E45406977B31A1B091E5E04237D81C91B47AA1CE0F3FFAE252AEFE63ADE18231A2DA0A8E8AE76D7C3CCBA0B7


On success, REST returns status 200.

On failure, REST returns the following HTTPS status codes:

  • 400 stands for errors in the request data.
  • 403 is returned when a user is not authorized to perform a specific action or use a specific resource. 
  • 404 is returned when the defined item was not found.
  • 405  is returned when submitting an unrecognized REST method.
  • 500 is for an internal error in the server.

Note: Return code 403 is gradually replacing return code 500 in the relevant scenarios.

JSON Returned on Error

In case of error, the returned JSON contains an array of errors in the following format:

  message: string, // The text of the error
  id: number, // An internal identifier of the error (e.g. rule number in case of validation error)
  item: string, // The item referenced in the error (if relevant)
  file: string, // Error location file
  line: number, // Error location line number
  col: number // Error location column number

For example, an error response to /build API:

	"errors": [
			"message": "MainArguments is an unknown keyword therefore it is assumed to be a an object, but it has no object syntax",
			"file": "Spark.json",
			"line": 5,
			"col": 22
			"message": "SparkCommandLineOptions is an unknown keyword therefore it is assumed to be a an object, but it has no object syntax",
			"file": "Spark.json",
			"line": 9,
			"col": 32

Back to top

REST Verbs

The following verbs are used:

GET resource 

The following example shows how to GET specific resource data using bash and curl:

# Get list of servers
curl -H "x-api-key: $token" "$endpoint/config/servers"
#Get list of hostgroups of a specific $
curl -H "x-api-key: $token" "$endpoint/config/server/$server/hostgroups"

The following example shows how to GET specific resource data using Python:

import requests  # pip install requests if you don't have it already
import urllib3

urllib3.disable_warnings() # disable warnings when creating unverified requests 

endPoint = 'https://<controlmEndPointHost>/automation-api'
r = requests.get(endPoint + '/config/servers', headers={'x-api-key': token}, verify=False) 

exit(r.status_code ==

POST a new resource

The following example shows how to POST new resource data:

# Adding a new agent to a hostgroup 

curl -H "x-api-key: $token" -H "Content-Type: application/json" -X POST -d '{"host":"$agent"}'  $endpoint/config/server/$server/hostgroup/$hostgroup/agent"

POST to upload a file

The following example shows how to POST a new file of data in bash and curl.

# deploy job definition file 
curl -H "x-api-key: $token" -X POST  -F "definitionsFile=@examples/AutomationAPISampleFlow.json" "$endpoint/deploy"

The following example shows how to POST a new file of data with Python:

import requests  # pip install requests if you don't have it already
import urllib3

urllib3.disable_warnings() # disable warnings when creating unverified requests 
endPoint = 'https://<controlmEndPointHost>/automation-api'
# -----------------
# Built
uploaded_files = [
        ('definitionsFile', ('Jobs.json', open('c:\\src\Jobs.json', 'rb'), 'application/json'))
r = + '/deploy', files=uploaded_files, headers={'x-api-key': token}, verify=False)
exit(r.status_code ==

PUT to update a resource

The following example shows how to use a PUT verb to update an authentication token:

#updating an authentication token

curl -H "x-api-key: $token" -X PUT "$endpoint/authentication/token" -d @tokenDefinition.json

DELETE a resource

The following example shows how to DELETE a resource:

#deleting an agent from a hostgroup

curl -H "x-api-key: $token" -X DELETE "$endpoint/config/server/$server/hostgroup/$hostgroup/agent/$agent"

Back to top

Difference between REST API and CLI Syntax

The CLI and API can execute the same commands, but use different syntax to represent the commands. The REST APIs are expressed in path notation, while the CLI commands are structured differently. The following examples illustrate the differences.

Below is an example of getting a list of host groups from the server. The name of the server is a parameter that is part of the resource URL of the REST API call.

GET /config/server/{server}/hostgroups

Below is the equivalent CLI command where the resource path is separated using ':'  as in server:hostgroups, the get action is separated using '::', and parameters are defined after the action.

>ctm config server:hostgroups::get <server> 

Annotation input

When you run certain API commands, you must include a free-text annotation within the command to justify your action. This requirement depends on whether annotation was enabled for the specific category of actions through the system parameters in Control-M, as described in Defining System Settings in the Helix Control-M Online Help.

To provide annotation input in API commands, use the following guidelines:

CLI command

Include the -a option and provide values for a pair of fields, subject and description.

For example:

ctm run workloadpolicy::activate WP1
-a "subject=Workload update&description=Activating WP1"

REST API command

Use the -H option to include a pair of custom headers, Annotation-Subject and Annotation-Description.

For example:

curl -H "x-api-key: %token%" -H "Content-Type: application/json"
-H "Annotation-Subject: Workload update" -H "Annotation-Description: Activating WP1"

Back to top

Checking REST API server status

To get Automation API server status, you can use the following URL:


Status information includes details of server uptime along with defined server properties, as in the following sample response:

automation-api server (emrestsrv) is up and running for 7 days and 6 hours (since Mon Jul 22 12:51:31 UTC 2019)

Server properties:

Back to top

Obtaining Automation API license information

To get Automation API license information, you can use the following URL:


Back to top

Related information

For more information about Helix Control-M, see the Helix Control-M Online Help.

Was this page helpful? Yes No Submitting... Thank you