ZPE Cloud provides an embedded Representational State Transfer (RESTful) API. This includes API calls to access and modify the ZPE Cloud configuration. Once configured, the REST-based interface is enabled for the users to:
Submit the requests supporting GET, POST, UPDATE/PUT, and DELETE operations. Use POST requests to submit the commands to the server. Use GET to retrieve information from the server. Use UPDATE/PUT to modify the parameter values. Use DELETE to delete a user or device from the site, group, profile, backup, or organization.
Retrieve configured data in JSON format.
Use endpoints, which interact with the API to perform various operations. Each endpoint corresponds to a particular function. For example, user_authenticate is the endpoint for a user to log into the application.
API Documentation Reference
Users can execute the API calls using the REST API GUI explorer provided via ZPE Cloud. For API developers, ZPE Cloud API resources are available here:
To access the REST API GUI explorer use the following steps:
Log in to the ZPE Cloud application.
Enter your credentials.
Click About.

Select the applicable API. For example, for the user authentication API, select User API. You will be navigated to the page containing the list of APIs for that function.
On the left panel, click the right arrow to display API calls for that function. You can also perform a search with the API name.

Base URL
The ZPE Cloud APIs are available via a secure HTTPS connection. The base URL for all the ZPE Cloud functions is:
https://api.zpecloud.com ( For US users)
https://api.zpecloud.eu (For EU Cloud users)Response Codes
Other status code and non JSON replies might be returned in an API request. If the response is not JSON, means the middleware failed (network, security, throttle) or an unhandled error happened. Potentially related to:
Reachability: Check if you are using the correct endpoint (404), API domain, network issue, SSL traffic inspection blocked the request.
Gateways and Security layers: Check if you are being blocked by security layer (403), rate limit (429).
API errors or availability: Check for Internal server error (500), Bad Gateway (502), Service Unavailable (503), Gateway timeout (504).
ZPE Cloud APIs use the following response codes:
200 - OK |
|
|---|---|
201 - CREATED |
|
202 - ACCEPTED |
|
204 - NO CONTENT |
|
400 - BAD REQUEST |
|
401 - UNAUTHORIZED |
|
403 - FORBIDDEN |
|
404 - NOT FOUND |
|
405 - METHOD NOT ALLOWED |
|
406 - NOT ACCEPTABLE |
|
408 - REQUEST TIMEOUT |
|
409 - CONFLICT |
|
412 - PRECONDITION FAILED |
|
422 - UNPROCESSABLE ENTITY | Tip: Use it when the whole request, data and operation is valid, but the bussiness logic does not allow you to proceed.
|
423 - LOCKED |
|
500 - INTERNAL SERVER ERROR |
|
501 - NOT IMPLEMENTED |
|
502 - BAD GATEWAY |
|
503 - SERVICE _UNAVAILABLE |
|
504 - GATEWAY TIMEOUT |
|
507 - INSUFICIENT STORAGE |
|
Service Accounts API Usage
This section shows how to use Service Accounts to get information or execute actions in ZPE Cloud through API.
Service Accounts is the preferred method to automate actions in ZPE Cloud. A service account is a special type of non-human account used by applications, workloads, or system components to authenticate and interact with ZPE Cloud APIs without user intervention. Instead of representing a person, it represents an identity for a process that can a perform an action and its authentication in ZPE Cloud uses an API key.
How to use Service Accounts in API: API Key or OAuth 2.0.
There are two forms to use Service Accounts via API, either through an API Key or OAuth 2.0.
Service accounts are authenticated using API keys provided on the header of the REST API request with the following format: 'Authorization: Bearer <API Key>'. In which, the <API Key> can be replaced by your actual Service Account key. Example below:
API Key:'Authorization: Bearer zpe_cloud_FaaBBqaSS7SrOnKrq2KS3sFW19S9oB0s9Q0xrLXs5e8'
OAuth 2.0:'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiM'
Note
Service accounts do not require a login in ZPE Cloud and actions can be performed with a single REST API request.
Service Accounts API examples
This section shows the process of interacting with the ZPE Cloud company's API using cURL or Python for basic operations such as:
Logging into the Cloud company using company credentials.
Performing a series of API requests: a POST request to add a new group to the company, a GET request to verify the successful addition of the group, a PUT request to edit the newly created group, and a DELETE request to remove the group.
Logging out from the ZPE Cloud company.
All Device Logs Collection Example
cURL example with API Key:
curl -H 'Authorization: Bearer zpe_cloud_FaaBBqaSS7SrOnKrq2KS3sFW19S9oB0s9Q0xrLXs5e8' -i 'https://api.zpecloud.com/device/logs?start_date=2026-01-03&end_date=2026-03-03&offset=0&limit=10'cURL example with OAuth 2.0:
curl -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiM' -i 'https://api.zpecloud.com/device/logs?start_date=2026-01-03&end_date=2026-03-03&offset=0&limit=10'Python Example API Key:
Note
A good practice for automating API actions is to confirm that the response status code is the expected one and the text reply is in JSON format. Non JSON replies can indicate failures on the API action and a teardown to revert or handle partial actions is recommended.
#!/bin/env python3
import requests
from datetime import datetime
from dateutil.relativedelta import relativedelta
from sys import exit
current_datetime = datetime.now()
previous_time = current_datetime - relativedelta(days=1)
session = requests.Session()
headers = {'Authorization': 'Bearer zpe_cloud_FaaBBqaSS7SrOnKrq2KS3sFW19S9oB0s9Q0xrLXs5e8', 'Accept': 'application/json', 'Content-Type': 'application/json'}
r = session.get(f"https://api.zpecloud.com/device/logs?start_date={previous_time.date().isoformat()}&end_date={current_datetime.date().isoformat()}&offset=0&limit=10", headers=headers)
# URL will be like "https://api.zpecloud.com/device/logs?start_date=2026-03-25&end_date=2026-03-26&offset=0&limit=10"
print(f"Auth: {r.status_code}")
print(f"Auth: {r.text}")
# If the response is not JSON, means the middleware failed (network, security, throttle) or an unhandled error happened.
# Reachability: Check if you are using the correct endpoint (404), API domain, network issue, SSL traffic inspection blocked the request.
# Gateways and Security layers: Check if you are being blocked by security layer (403), rate limit (429).
# API errors or availability: Check for Internal server error (500), Bad Gateway (502), Service Unavailable (503), Gateway timeout (504).
if r.headers and r.headers['Content-Type'] != 'application/json':
print(f"Response is not in json format. Check if request is able to reach ZPE Cloud. Status code: {r.status_code}. Response: {r.text}.")
exit(1)
elif r.status_code < 200 and r.status_code > 299:
print(f"Response is json but the status code indicates failure. Check the error on the response. Status code: {r.status_code}. Response: {r.text}.")
exit(1)Python Example OAuth 2.0:
#!/bin/env python3
import requests
from datetime import datetime
from dateutil.relativedelta import relativedelta
current_datetime = datetime.now()
previous_time = current_datetime - relativedelta(days=1)
session = requests.Session()
headers = {'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiM', 'Accept': 'application/json', 'Content-Type': 'application/json'}
r = session.get(f"https://api.zpecloud.com/device/logs?start_date={previous_time.date().isoformat()}&end_date={current_datetime.date().isoformat()}&offset=0&limit=10", headers=headers)
# URL will be like "https://api.zpecloud.com/device/logs?start_date=2026-03-25&end_date=2026-03-26&offset=0&limit=10"
print(f"Auth: {r.status_code}")
print(f"Auth: {r.text}")
# If the response is not JSON, means the middleware failed (network, security, throttle) or an unhandled error happened.
# Reachability: Check if you are using the correct endpoint (404), API domain, network issue, SSL traffic inspection blocked the request.
# Gateways and Security layers: Check if you are being blocked by security layer (403), rate limit (429).
# API errors or availability: Check for Internal server error (500), Bad Gateway (502), Service Unavailable (503), Gateway timeout (504).
if r.headers and r.headers['Content-Type'] != 'application/json':
print(f"Response is not in json format. Check if request is able to reach ZPE Cloud. Status code: {r.status_code}. Response: {r.text}.")
exit(1)
elif r.status_code < 200 and r.status_code > 299:
print(f"Response is json but the status code indicates failure. Check the error on the response. Status code: {r.status_code}. Response: {r.text}.")
exit(1)Curl examples
These step-by-step instructions will ensure you understand how to manage groups within the ZPE Cloud company's environment using API calls through cURL tool.
NOTE:
It is recommended to use Linux command prompts, such as those in Ubuntu, to execute these commands. Using Windows can cause issues with extra characters, such as backslashes \ and line breaks, which you will need to remove for the commands to work correctly.
Make sure to have cURL installed on your system to accomplish the commands.
Getting the List of Groups
Execute the following command to get the list of groups:
curl -i -X GET 'https://api.staging-zpecloud.com/group' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiM' \
--header 'Content-Type: application/json'Adding a Group
Execute the following command to add a group:
curl -i -X POST 'https://api.zpecloud.com/group' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiM' \
--header 'Content-Type: application/json' \
--data '{"name": "group_test", "access_level": "1"}'Getting a Group
Execute the following command to get a group data using the group ID:
curl -i -X GET 'https://api.staging-zpecloud.com/group/64598' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiM' \
--header 'Content-Type: application/json'Editing a Group
Execute the following command to edit group using the group ID:
curl -i -X PUT 'https://api.staging-zpecloud.com/group/64598' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiM' \
--header 'Content-Type: application/json' \
--data '{"name": "group_test_edited", "access_level": "3"}'Deleting a Group
Execute the following command to delete a group:
curl -i -X DELETE 'https://api.staging-zpecloud.com/group/64598' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiM' \
--header 'Content-Type: application/json'Legacy API USER Authentication
The documentation and examples bellow refer to the API interaction using the legacy API Authentication method of logging, interacting with ZPE Cloud API and logging out as a user instead of using Service Accounts.
Note
API Authentication using cookies is a legacy authentication method in ZPE Cloud API, please refer to Service Accounts tab and how to use Services Accounts in ZPE Cloud API. Service accounts log under TRACKING::LOGS tab every request performed to the ZPE Cloud API providing higher traceability and visibility of the actions performed into your company.
Note
For legacy API User Authentication, a logout is required to finish the previous API session or it will wait the session idle timeout.
Login Endpoint
Endpoint: /user/auth - This is the endpoint for user login into the application.
Method: POST
Payload data:
{
"email": "user1@example.com",
"password": "pwd@1234"
}Response:
{
"id": 2, "username": "user1", "email": "user1@example.com", "first_name": "testuserfn", "last_name": "testuserln",
"type": "CA", "first_access": true, "creation_type": "local", "company": "ABC", "companies_count": "1",
"setup_pwd": "pwd@1234", "session_timeout": 10, "access_level": "3"
}The following table shows the list of values you may see in the response.
Parameter | Description |
|---|---|
id | User ID of the user logged into the ZPE Cloud. |
username | Name of the user to log in to the ZPE Cloud. |
Email address of the user registered for the ZPE Cloud account. | |
first name | First name of the user registered for ZPE Cloud. |
last name | Last name of the user registered for ZPE Cloud. |
type | User type logged into the ZPE Cloud. Includes types such as CA, SA, and GA. |
first-access | Determines if a user is logged into the ZPE Cloud for the first time. |
creation-type | Determine if a user is a local user or a remote user. |
company | Name of the company to which the user is registered. |
companies_count | Number of companies to which the user is registered in ZPE Cloud. |
setup-pwd | Password to log into the ZPE Cloud. |
session timeout | Inactivity session timeout. |
access_level | Defines if users have access level: 0- Super Admin; 1- User; 2- Operator; 3- Administrator |
Logout endpoint
Endpoint: /user/logout - This is the endpoint for user logout from the application.
Method: POST
Payload data: Not applicable
Response:
{}Legacy Examples
This section shows the process of interacting with the ZPE Cloud company's API using cURL or Python for basic operations such as:
Logging into the Cloud company using company credentials.
Performing a series of API requests: a POST request to add a new group to the company, a GET request to verify the successful addition of the group, a PUT request to edit the newly created group, and a DELETE request to remove the group.
Logging out from the ZPE Cloud company.
Note
Requests to company related data and devices requires Authentication on ZPE Cloud, this way, the login to API is the first step required to execute the following up requests.
Remember to logout from the API at the end of the steps in order to avoid keeping an unused session opened.
cURL Examples
These step-by-step instructions will ensure you understand how to manage groups within the ZPE Cloud company's environment using API calls through cURL tool.
NOTE:
It is recommended to use Linux command prompts, such as those in Ubuntu, to execute these commands. Using Windows can cause issues with extra characters, such as backslashes \ and line breaks, which you will need to remove for the commands to work correctly.
Make sure to have cURL installed on your system to accomplish the commands.
About Cookies
The Cookie for ZPE Cloud can be retrieved at the login request. The --cookie-jar and --cookie options can be replaced by the ‘Cookie’ on header of the request, such as:
--header "Cookie: session=uwfmzdngvgw2n5whta73japizga7u53w;"
Logging to ZPE Cloud
Open the command prompt from your Operational System.
Execute the following command to log into the ZPE Cloud:
curl -i -X POST 'https://api.zpecloud.com/user/auth' \ --header 'Content-Type: application/json' \ --data '{"email": "doc-user.01@zpesystems.com", "password": "-2g3#h&Y}v=4[h|G}lkjhBkk}k[t8<PP&bgDxFVUj$)T*bG^.Qu"}' \ --cookie-jar cookiefile
Copy the set-cookie parameter value. See the above screenshot. The cookie is used in the header in the following operations.
Getting the List of Groups
Execute the following command to get the list of groups:
curl -i -X GET 'https://api.staging-zpecloud.com/group' \
--header 'Content-Type: application/json' \
--cookie cookiefileAdding a Group
Execute the following command to add a group:
curl -i -X POST 'https://api.zpecloud.com/group' \
--header 'Content-Type: application/json' \
--data '{"name": "group_test", "access_level": "1"}' \
--cookie cookiefileGetting a Group
Execute the following command to get a group data using the group ID:
curl -i -X GET 'https://api.staging-zpecloud.com/group/64598' \
--header 'Content-Type: application/json' \
--cookie cookiefileEditing a Group
Execute the following command to edit group using the group ID:
curl -i -X PUT 'https://api.staging-zpecloud.com/group/64598' \
--header 'Content-Type: application/json' \
--data '{"name": "group_test_edited", "access_level": "3"}' \
--cookie cookiefileDeleting a Group
Execute the following command to delete a group:
curl -i -X DELETE 'https://api.staging-zpecloud.com/group/64598' \
--header 'Content-Type: application/json' \
--cookie cookiefileLogging out from ZPE Cloud
Execute the following command to log out from ZPE Cloud:
curl -i -X POST 'https://api.staging-zpecloud.com/user/logout' \
--header 'Content-Type: application/json' \
--cookie cookiefileLegacy Python Examples
These step-by-step instructions will ensure you understand how to manage groups within the ZPE Cloud company's environment using API calls through Python.
Note
It is recommended to use Python3 for the requests. Make sure Session library is installed on your system.
Logging in ZPE Cloud
Create a session to re-use the cookie parameter:
#!/bin/env python3
import requests
session = requests.Session()
headers = {'Accept': 'application/json, text/xml'}
payload = {"email": "doc-user.01@zpesystems.com", "password": "-2g3#h&Y}v=4[h|G}lkjhBkk}k[t8<PP&bgDxFVUj$)T*bG^.Qu"}
r = session.post("https://api.zpecloud.com/user/auth", headers=headers, data=payload)
print(f"Auth: {r.status_code}")
print(f"Auth: {r.text}")
#[...continuation]Getting List of Groups
Execute the following request to get the list of groups:
#[...continuation]
headers = {'Accept': 'application/json, text/xml', 'Content-Type': 'application/json'}
r = session.get("https://api.zpecloud.com/group", headers=headers)
print(f"Auth: {r.status_code}")
print(f"Auth: {r.text}")
#[...continuation]Logging out from ZPE Cloud
Execute the following request to log out from ZPE Cloud:
#[...continuation]
headers = {'Accept': 'application/json, text/xml', 'Content-Type': 'application/json'}
r = session.post("https://api.zpecloud.com/user/logout", headers=headers)
print(f"Auth: {r.status_code}")
print(f"Auth: {r.text}")Full script
#!/bin/env python3
import requests
session = requests.Session()
headers = {'Accept': 'application/json, text/xml'}
payload = {"email": "doc-user.01@zpesystems.com", "password": "-2g3#h&Y}v=4[h|G}lkjhBkk}k[t8<PP&bgDxFVUj$)T*bG^.Qu"}
r = session.post("https://api.zpecloud.com/user/auth", headers=headers, data=payload)
print(f"Auth: {r.status_code}")
print(f"Auth: {r.text}")
headers = {'Accept': 'application/json, text/xml', 'Content-Type': 'application/json'}
r = session.get("https://api.zpecloud.com/group", headers=headers)
print(f"Auth: {r.status_code}")
print(f"Auth: {r.text}")
headers = {'Accept': 'application/json, text/xml', 'Content-Type': 'application/json'}
r = session.post("https://api.zpecloud.com/user/logout", headers=headers)
print(f"Auth: {r.status_code}")
print(f"Auth: {r.text}")