Documentation Index

Fetch the complete documentation index at: https://docs.zpesystems.com/llms.txt

Use this file to discover all available pages before exploring further.

ZPE Cloud API Resources

Prev Next

ZPE Cloud provides an embedded Representational State Transfer (RESTful) API. This includes API calls to access and modify the ZPE Cloud configuration. Once configured, the REST-based interface is enabled for the users to:

  • Submit the requests supporting GET, POST, UPDATE/PUT, and DELETE operations. Use POST requests to submit the commands to the server. Use GET to retrieve information from the server. Use UPDATE/PUT to modify the parameter values. Use DELETE to delete a user or device from the site, group, profile, backup, or organization.

  • Retrieve configured data in JSON format.

  • Use endpoints, which interact with the API to perform various operations. Each endpoint corresponds to a particular function. For example, user_authenticate is the endpoint for a user to log into the application.

API Documentation Reference

Users can execute the API calls using the REST API GUI explorer provided via ZPE Cloud. For API developers, ZPE Cloud API resources are available here:

To access the REST API GUI explorer use the following steps:

  1. Log in to the ZPE Cloud application.

  2. Enter your credentials.

  3. Click About.

  4. Select the applicable API. For example, for the user authentication API, select User API. You will be navigated to the page containing the list of APIs for that function.

  5. On the left panel, click the right arrow to display API calls for that function. You can also perform a search with the API name.

Base URL

The ZPE Cloud APIs are available via a secure HTTPS connection. The base URL for all the ZPE Cloud functions is:

https://api.zpecloud.com ( For US users)
https://api.zpecloud.eu (For EU Cloud users)

Response Codes

Other status code and non JSON replies might be returned in an API request. If the response is not JSON, means the middleware failed (network, security, throttle) or an unhandled error happened. Potentially related to:

  1. Reachability: Check if you are using the correct endpoint (404), API domain, network issue, SSL traffic inspection blocked the request.

  2. Gateways and Security layers: Check if you are being blocked by security layer (403), rate limit (429).

  3. API errors or availability: Check for Internal server error (500), Bad Gateway (502), Service Unavailable (503), Gateway timeout (504).

ZPE Cloud APIs use the following response codes:

200 - OK

  1. Operation concluded with success;

201 - CREATED

  1. Operation concluded with success and created an entry;

202 - ACCEPTED

  1. Request with too many entries is accepted and will execute async;

  2. Request that will take too long is accepted and will execute async;

204 - NO CONTENT

  1. There is no content to send for this request, but it succeeded;

400 - BAD REQUEST

  1. Missing data to process the request;

  2. Request with wrong data format (expected JSON);

  3. Values provided with wrong format;

  4. Values provided with invalid fields;

401 - UNAUTHORIZED

  1. Mandatory authorization field missing;

  2. Invalid credentials

  3. Missing cookie;

  4. Missing Bearer token;

403 - FORBIDDEN

  1. Permissions disabled;

  2. Authentication credentials are not provided;

404 - NOT FOUND

  1. Could not find searched entry;

405 - METHOD NOT ALLOWED

  1. HTTP method exists but is disabled;

406 - NOT ACCEPTABLE

  1. Media type is wrong.

  2. Upload of XML when expects json;

  3. Upload of png when expects ISO;

  4. Upload of png when expects tgz;

408 - REQUEST TIMEOUT

  1. Server replied with timeout to request. This happens if Haproxy timeout is bigger than server timeout;

409 - CONFLICT

  1. Indicates a request conflict with the current state of the target resource.

  2. It may be related with race conditions, where a user tries to update a state, but the object was already changed by another user, making the change incompatible.

412 - PRECONDITION FAILED

  1. Header conditions from client were not matched.

422 - UNPROCESSABLE ENTITY

Tip: Use it when the whole request, data and operation is valid, but the bussiness logic does not allow you to proceed.

  1. Request is authorized, data is valid and right format, but the operation cannot be executed due state of resource (machine state controls)

  2. Entry already exists;

  3. Entry is already on this state;

  4. Entry cannot go to this state;

  5. Entry returned is duplicated (for cases expecting a single entry);

423 - LOCKED

  1. The service isn't available to access

    1. eg. locked by the company

500 - INTERNAL SERVER ERROR

  1. Service crashed;

501 - NOT IMPLEMENTED

  1. HTTP Method is not implemented by the server;

502 - BAD GATEWAY

  1. Invalid response from server to haproxy;

  2. Invalid response content type from server to request

503 - SERVICE _UNAVAILABLE

  1. Services are down;

  2. Middleware is down;

  3. Google Cloud Platform is down;

  4. Service is under Scheduled Maintenance

504 - GATEWAY TIMEOUT

  1. Timeout as havent receive a reply from server to close the request; (usually related to unhandled errors)

507 - INSUFICIENT STORAGE

  1. No storage for the new request;

  2. No new backup can be added due max license size reached;

  3. Giant backup cannot be stored;

Service Accounts API Usage

This section shows how to use Service Accounts to get information or execute actions in ZPE Cloud through API.

Service Accounts is the preferred method to automate actions in ZPE Cloud. A service account is a special type of non-human account used by applications, workloads, or system components to authenticate and interact with ZPE Cloud APIs without user intervention. Instead of representing a person, it represents an identity for a process that can a perform an action and its authentication in ZPE Cloud uses an API key.

How to use Service Accounts in API: API Key or OAuth 2.0.

There are two forms to use Service Accounts via API, either through an API Key or OAuth 2.0.

Service accounts are authenticated using API keys provided on the header of the REST API request with the following format: 'Authorization: Bearer <API Key>'. In which, the <API Key> can be replaced by your actual Service Account key. Example below:

API Key:'Authorization: Bearer zpe_cloud_FaaBBqaSS7SrOnKrq2KS3sFW19S9oB0s9Q0xrLXs5e8'

OAuth 2.0:'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiM'

Note

Service accounts do not require a login in ZPE Cloud and actions can be performed with a single REST API request.

Service Accounts API examples

This section shows the process of interacting with the ZPE Cloud company's API using cURL or Python for basic operations such as:

  1. Logging into the Cloud company using company credentials.

  2. Performing a series of API requests: a POST request to add a new group to the company, a GET request to verify the successful addition of the group, a PUT request to edit the newly created group, and a DELETE request to remove the group.

  3. Logging out from the ZPE Cloud company.

All Device Logs Collection Example

cURL example with API Key:

curl -H 'Authorization: Bearer zpe_cloud_FaaBBqaSS7SrOnKrq2KS3sFW19S9oB0s9Q0xrLXs5e8' -i 'https://api.zpecloud.com/device/logs?start_date=2026-01-03&end_date=2026-03-03&offset=0&limit=10'

cURL example with OAuth 2.0:

curl -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiM' -i 'https://api.zpecloud.com/device/logs?start_date=2026-01-03&end_date=2026-03-03&offset=0&limit=10'

Python Example API Key:

Note

A good practice for automating API actions is to confirm that the response status code is the expected one and the text reply is in JSON format. Non JSON replies can indicate failures on the API action and a teardown to revert or handle partial actions is recommended.

#!/bin/env python3
import requests
from datetime import datetime
from dateutil.relativedelta import relativedelta
from sys import exit

current_datetime = datetime.now()
previous_time = current_datetime - relativedelta(days=1)

session = requests.Session()

headers = {'Authorization': 'Bearer zpe_cloud_FaaBBqaSS7SrOnKrq2KS3sFW19S9oB0s9Q0xrLXs5e8', 'Accept': 'application/json', 'Content-Type': 'application/json'}
r = session.get(f"https://api.zpecloud.com/device/logs?start_date={previous_time.date().isoformat()}&end_date={current_datetime.date().isoformat()}&offset=0&limit=10", headers=headers)
# URL will be like "https://api.zpecloud.com/device/logs?start_date=2026-03-25&end_date=2026-03-26&offset=0&limit=10"
print(f"Auth: {r.status_code}")
print(f"Auth: {r.text}")

# If the response is not JSON, means the middleware failed (network, security, throttle) or an unhandled error happened.
# Reachability: Check if you are using the correct endpoint (404), API domain, network issue, SSL traffic inspection blocked the request.
# Gateways and Security layers: Check if you are being blocked by security layer (403), rate limit (429).
# API errors or availability: Check for Internal server error (500), Bad Gateway (502), Service Unavailable (503), Gateway timeout (504).
if r.headers and r.headers['Content-Type'] != 'application/json':
    print(f"Response is not in json format. Check if request is able to reach ZPE Cloud. Status code: {r.status_code}. Response: {r.text}.")
    exit(1)
elif r.status_code < 200 and r.status_code > 299:
    print(f"Response is json but the status code indicates failure. Check the error on the response. Status code: {r.status_code}. Response: {r.text}.")
    exit(1)

Python Example OAuth 2.0:

#!/bin/env python3
import requests
from datetime import datetime
from dateutil.relativedelta import relativedelta

current_datetime = datetime.now()
previous_time = current_datetime - relativedelta(days=1)

session = requests.Session()

headers = {'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiM', 'Accept': 'application/json', 'Content-Type': 'application/json'}
r = session.get(f"https://api.zpecloud.com/device/logs?start_date={previous_time.date().isoformat()}&end_date={current_datetime.date().isoformat()}&offset=0&limit=10", headers=headers)
# URL will be like "https://api.zpecloud.com/device/logs?start_date=2026-03-25&end_date=2026-03-26&offset=0&limit=10"
print(f"Auth: {r.status_code}")
print(f"Auth: {r.text}")

# If the response is not JSON, means the middleware failed (network, security, throttle) or an unhandled error happened.
# Reachability: Check if you are using the correct endpoint (404), API domain, network issue, SSL traffic inspection blocked the request.
# Gateways and Security layers: Check if you are being blocked by security layer (403), rate limit (429).
# API errors or availability: Check for Internal server error (500), Bad Gateway (502), Service Unavailable (503), Gateway timeout (504).
if r.headers and r.headers['Content-Type'] != 'application/json':
    print(f"Response is not in json format. Check if request is able to reach ZPE Cloud. Status code: {r.status_code}. Response: {r.text}.")
    exit(1)
elif r.status_code < 200 and r.status_code > 299:
    print(f"Response is json but the status code indicates failure. Check the error on the response. Status code: {r.status_code}. Response: {r.text}.")
    exit(1)

Curl examples

These step-by-step instructions will ensure you understand how to manage groups within the ZPE Cloud company's environment using API calls through cURL tool.

NOTE:

It is recommended to use Linux command prompts, such as those in Ubuntu, to execute these commands. Using Windows can cause issues with extra characters, such as backslashes \ and line breaks, which you will need to remove for the commands to work correctly.

Make sure to have cURL installed on your system to accomplish the commands.

Getting the List of Groups

Execute the following command to get the list of groups:

curl -i -X GET 'https://api.staging-zpecloud.com/group' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiM' \
--header 'Content-Type: application/json'

Adding a Group

Execute the following command to add a group:

curl -i -X POST 'https://api.zpecloud.com/group' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiM' \
--header 'Content-Type: application/json' \
--data '{"name": "group_test", "access_level": "1"}'

Getting a Group

Execute the following command to get a group data using the group ID:

curl -i -X GET 'https://api.staging-zpecloud.com/group/64598' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiM' \
--header 'Content-Type: application/json'

Editing a Group

Execute the following command to edit group using the group ID:

curl -i -X PUT 'https://api.staging-zpecloud.com/group/64598' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiM' \
--header 'Content-Type: application/json' \
--data '{"name": "group_test_edited", "access_level": "3"}'

Deleting a Group

Execute the following command to delete a group:

curl -i -X DELETE 'https://api.staging-zpecloud.com/group/64598' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiM' \
--header 'Content-Type: application/json'

Legacy API USER Authentication

The documentation and examples bellow refer to the API interaction using the legacy API Authentication method of logging, interacting with ZPE Cloud API and logging out as a user instead of using Service Accounts.

Note

API Authentication using cookies is a legacy authentication method in ZPE Cloud API, please refer to Service Accounts tab and how to use Services Accounts in ZPE Cloud API. Service accounts log under TRACKING::LOGS tab every request performed to the ZPE Cloud API providing higher traceability and visibility of the actions performed into your company.

Note

For legacy API User Authentication, a logout is required to finish the previous API session or it will wait the session idle timeout.

Login Endpoint

Endpoint: /user/auth - This is the endpoint for user login into the application.

Method: POST

Payload data:

{
  "email": "user1@example.com",
  "password": "pwd@1234"
}

Response:

{
  "id": 2, "username": "user1", "email": "user1@example.com", "first_name": "testuserfn", "last_name": "testuserln",
  "type": "CA", "first_access": true, "creation_type": "local", "company": "ABC", "companies_count": "1",
  "setup_pwd": "pwd@1234", "session_timeout": 10, "access_level": "3"
}

The following table shows the list of values you may see in the response.

Parameter

Description

id

User ID of the user logged into the ZPE Cloud.

username

Name of the user to log in to the ZPE Cloud.

email

Email address of the user registered for the ZPE Cloud account.

first name

First name of the user registered for ZPE Cloud.

last name

Last name of the user registered for ZPE Cloud.

type

User type logged into the ZPE Cloud. Includes types such as CA, SA, and GA.

first-access

Determines if a user is logged into the ZPE Cloud for the first time.

creation-type

Determine if a user is a local user or a remote user.

company

Name of the company to which the user is registered.

companies_count

Number of companies to which the user is registered in ZPE Cloud.

setup-pwd

Password to log into the ZPE Cloud.

session timeout

Inactivity session timeout.

access_level

Defines if users have access level: 0- Super Admin; 1- User; 2- Operator; 3- Administrator

Logout endpoint

Endpoint: /user/logout - This is the endpoint for user logout from the application.

Method: POST

Payload data: Not applicable

Response:

{}

Legacy Examples

This section shows the process of interacting with the ZPE Cloud company's API using cURL or Python for basic operations such as:

  1. Logging into the Cloud company using company credentials.

  2. Performing a series of API requests: a POST request to add a new group to the company, a GET request to verify the successful addition of the group, a PUT request to edit the newly created group, and a DELETE request to remove the group.

  3. Logging out from the ZPE Cloud company.

Note

Requests to company related data and devices requires Authentication on ZPE Cloud, this way, the login to API is the first step required to execute the following up requests.

Remember to logout from the API at the end of the steps in order to avoid keeping an unused session opened.

cURL Examples

These step-by-step instructions will ensure you understand how to manage groups within the ZPE Cloud company's environment using API calls through cURL tool.

NOTE:

It is recommended to use Linux command prompts, such as those in Ubuntu, to execute these commands. Using Windows can cause issues with extra characters, such as backslashes \ and line breaks, which you will need to remove for the commands to work correctly.

Make sure to have cURL installed on your system to accomplish the commands.

About Cookies

The Cookie for ZPE Cloud can be retrieved at the login request. The --cookie-jar and --cookie options can be replaced by the ‘Cookie’ on header of the request, such as:

--header "Cookie: session=uwfmzdngvgw2n5whta73japizga7u53w;"

Logging to ZPE Cloud

  1. Open the command prompt from your Operational System.

  2. Execute the following command to log into the ZPE Cloud:

    curl -i -X POST 'https://api.zpecloud.com/user/auth' \
    --header 'Content-Type: application/json' \
    --data '{"email": "doc-user.01@zpesystems.com", "password": "-2g3#h&Y}v=4[h|G}lkjhBkk}k[t8<PP&bgDxFVUj$)T*bG^.Qu"}' \
    --cookie-jar cookiefile

  3. Copy the set-cookie parameter value. See the above screenshot. The cookie is used in the header in the following operations.

Getting the List of Groups

Execute the following command to get the list of groups:

curl -i -X GET 'https://api.staging-zpecloud.com/group' \
--header 'Content-Type: application/json' \
--cookie cookiefile

Adding a Group

Execute the following command to add a group:

curl -i -X POST 'https://api.zpecloud.com/group' \
--header 'Content-Type: application/json' \
--data '{"name": "group_test", "access_level": "1"}' \
--cookie cookiefile

Getting a Group

Execute the following command to get a group data using the group ID:

curl -i -X GET 'https://api.staging-zpecloud.com/group/64598' \
--header 'Content-Type: application/json' \
--cookie cookiefile

Editing a Group

Execute the following command to edit group using the group ID:

curl -i -X PUT 'https://api.staging-zpecloud.com/group/64598' \
--header 'Content-Type: application/json' \
--data '{"name": "group_test_edited", "access_level": "3"}' \
--cookie cookiefile

Deleting a Group

Execute the following command to delete a group:

curl -i -X DELETE 'https://api.staging-zpecloud.com/group/64598' \
--header 'Content-Type: application/json' \
--cookie cookiefile

Logging out from ZPE Cloud

Execute the following command to log out from ZPE Cloud:

curl -i -X POST 'https://api.staging-zpecloud.com/user/logout' \
--header 'Content-Type: application/json' \
--cookie cookiefile

Legacy Python Examples

These step-by-step instructions will ensure you understand how to manage groups within the ZPE Cloud company's environment using API calls through Python.

Note

It is recommended to use Python3 for the requests. Make sure Session library is installed on your system.

Logging in ZPE Cloud

Create a session to re-use the cookie parameter:

#!/bin/env python3
 
import requests

session = requests.Session()

headers = {'Accept': 'application/json, text/xml'}
payload = {"email": "doc-user.01@zpesystems.com", "password": "-2g3#h&Y}v=4[h|G}lkjhBkk}k[t8<PP&bgDxFVUj$)T*bG^.Qu"}
r = session.post("https://api.zpecloud.com/user/auth", headers=headers, data=payload)
print(f"Auth: {r.status_code}")
print(f"Auth: {r.text}")

#[...continuation]

Getting List of Groups

Execute the following request to get the list of groups:

#[...continuation]

headers = {'Accept': 'application/json, text/xml', 'Content-Type': 'application/json'}
r = session.get("https://api.zpecloud.com/group", headers=headers)
print(f"Auth: {r.status_code}")
print(f"Auth: {r.text}")

#[...continuation]

Logging out from ZPE Cloud

Execute the following request to log out from ZPE Cloud:

#[...continuation]

headers = {'Accept': 'application/json, text/xml', 'Content-Type': 'application/json'}
r = session.post("https://api.zpecloud.com/user/logout", headers=headers)
print(f"Auth: {r.status_code}")
print(f"Auth: {r.text}")

Full script

#!/bin/env python3
 
import requests

session = requests.Session()

headers = {'Accept': 'application/json, text/xml'}
payload = {"email": "doc-user.01@zpesystems.com", "password": "-2g3#h&Y}v=4[h|G}lkjhBkk}k[t8<PP&bgDxFVUj$)T*bG^.Qu"}
r = session.post("https://api.zpecloud.com/user/auth", headers=headers, data=payload)
print(f"Auth: {r.status_code}")
print(f"Auth: {r.text}")

headers = {'Accept': 'application/json, text/xml', 'Content-Type': 'application/json'}
r = session.get("https://api.zpecloud.com/group", headers=headers)
print(f"Auth: {r.status_code}")
print(f"Auth: {r.text}")

headers = {'Accept': 'application/json, text/xml', 'Content-Type': 'application/json'}
r = session.post("https://api.zpecloud.com/user/logout", headers=headers)
print(f"Auth: {r.status_code}")
print(f"Auth: {r.text}")