# LitmusEdgeManager 2.31.x API Documentation/Admin Console APIs/Integration - LE, LEM, LUNS API Docs ## Kafka Access Control Lists (ACLs) **GET** `{{LEM_adminURL}}/admin/v1/kafka-auth/acl` # Kafka Access Control Lists (ACLs) Returns the Kafka ACLs configured on LEM's bundled Kafka instance. Each row: `(username, topic, operation)`. ## Endpoint ```http GET {{LEM_adminURL}}/admin/v1/kafka-auth/acl ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 200 OK ```json [ { "username": "admin", "topic": "lem.mqtt.ea13siviozaattgjd5unuoya7", "operation": "READ" }, { "username": "admin", "topic": "lem.mqtt.emdlptxsqpdravb1cyzya6ws2", "operation": "WRITE" }, { "username": "admin", "topic": "lem.mqtt.emdlptxsqpdravb1cyzya6ws2", "operation": "READ" }, { "username": "admin", "topic": "lem.mqtt.emdlptxsqpdravb1cyzya6ws2", "operation": "DELETE" } ] ``` --- ## Kafka Topics **GET** `{{LEM_adminURL}}/admin/v1/kafka-auth/topic` # Kafka Topics Returns every topic in LEM's bundled Kafka. Topic names follow LEM conventions like `lem.mqtt.`, `lem.events.`. ## Endpoint ```http GET {{LEM_adminURL}}/admin/v1/kafka-auth/topic ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 200 OK ```json [ { "name": "lem.mqtt.cse9ecyxjifs7yhizoqiydyu3" }, { "name": "lem.events.llg72k2ip2nnu2yt5lk58l6j" }, { "name": "action-log" }, { "name": "lem.events.8h0lim73udgl5r8ex4v0d1vr7" }, { "name": "lem.events.ea13siviozaattgjd5unuoya7" }, { "name": "lem.mqtt.2prp72ljt3e2149umck473xrl" }, { "name": "lem.mqtt.462j1mq70mph31wa100t1yuxa" }, { "name": "lem.events.6d02e1nglkzlc1tv650o4yy0u" }, { "name": "lem.events.cse9ecyxjifs7yhizoqiydyu3" }, { "name": "lem.events.detk20ap42y5rcvfsdfe9790" }, { "name": "lem.mqtt.detk20ap42y5rcvfsdfe9790" }, { "name": "lem.mqtt.6d02e1nglkzlc1tv650o4yy0u" }, { "name": "lem.mqtt.8h0lim73udgl5r8ex4v0d1vr7" }, { "name": "lem.events.ejthz6njrlve8g9n9k51m3wa2" }, { "name": "data.compacted" }, { "name": "lem.events.462j1mq70mph31wa100t1yuxa" }, { "name": "lem.mqtt.emdlptxsqpdravb1cyzya6ws2" }, { "name": "lem.events.2prp72ljt3e2149umck473xrl" }, { "name": "lem.mqtt.ejthz6njrlve8g9n9k51m3wa2" }, { "name": "lem.mqtt.llg72k2ip2nnu2yt5lk58l6j" }, { "name": "lem.events.emdlptxsqpdravb1cyzya6ws2" }, { "name": "lem.mqtt.ea13siviozaattgjd5unuoya7" } ] ``` --- ## Kafka User List **GET** `{{LEM_adminURL}}/admin/v1/kafka-auth/user` # Kafka User List Returns the Kafka SASL users provisioned on LEM. Use for diagnostics; user creation goes through Kafka's tooling rather than this read endpoint. ## Endpoint ```http GET {{LEM_adminURL}}/admin/v1/kafka-auth/user ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 200 OK ```json [ { "username": "admin" }, { "username": "test1" } ] ``` --- ## Clickhouse Ports **GET** `{{LEM_adminURL}}/admin/v1/clickhouse-mgmt/interface` # Clickhouse Ports Returns LEM's Clickhouse listener configuration: HTTP, HTTPS, native, MySQL ports with connection strings, current state, and any per-network bindings. ## Endpoint ```http GET {{LEM_adminURL}}/admin/v1/clickhouse-mgmt/interface ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 200 OK ```json [ { "type": "HTTP", "connectionString": "http://10.17.3.103:8123/clickhouse", "port": 8123, "state": false, "networks": [] }, { "type": "HTTPS", "connectionString": "https://10.17.3.103:8543/clickhouse", "port": 8543, "state": true, "networks": [] }, { "type": "NATIVE", "connectionString": "jdbc:clickhouse://10.17.3.103:9000", "port": 9000, "state": false, "networks": [] }, { "type": "MYSQL", "connectionString": "jdbc:mysql://10.17.3.103:9004", "port": 9004, "state": false, "networks": [] } ] ``` --- ## Enable/Disable Clickhouse Port **POST** `{{LEM_adminURL}}/admin/v1/clickhouse-mgmt/interface` # Enable / Disable Clickhouse Port Toggles one Clickhouse port's state. `state: true` enables, `false` disables. `type` selects the listener (`NATIVE`, `HTTP`, `HTTPS`, `MYSQL`). ## Endpoint ```http POST {{LEM_adminURL}}/admin/v1/clickhouse-mgmt/interface ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Request body ```json { "type": "NATIVE", "state": false, "port": 9000, "networks": [] } ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Request Body ```json { "type": "NATIVE", "state": false, "port": 9000, "networks": [] } ``` ### Response **Status**: 200 OK ```json { "code": "S", "message": null, "messageDetails": null } ``` --- ## Clickhouse User List **GET** `{{LEM_adminURL}}/admin/v1/clickhouse-mgmt/user` # Clickhouse User List Returns the Clickhouse users provisioned on LEM. ## Endpoint ```http GET {{LEM_adminURL}}/admin/v1/clickhouse-mgmt/user ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 200 OK ```json [ { "username": "admin" } ] ``` --- ## Create Clickhouse User **POST** `{{LEM_adminURL}}/admin/v1/clickhouse-mgmt/user` # Create Clickhouse User Creates a new Clickhouse user. ## Endpoint ```http POST {{LEM_adminURL}}/admin/v1/clickhouse-mgmt/user ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Request body ```json { "username": "apiusername", "password": "", "isNewUser": null } ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Request Body ```json { "username": "apiusername", "password": "123134rsdf4q221@1W", "isNewUser": null } ``` ### Response **Status**: 201 Created ```json { "code": "S", "message": null, "messageDetails": null } ``` --- ## Delete Clickhouse User **DELETE** `{{LEM_adminURL}}/admin/v1/clickhouse-mgmt/user/apiusername` # Delete Clickhouse User Removes a Clickhouse user. The username goes in the path. ## Endpoint ```http DELETE {{LEM_adminURL}}/admin/v1/clickhouse-mgmt/user/apiusername ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 204 No Content --- ## Clickhouse Access Control Lists (ACLs) **GET** `{{LEM_adminURL}}/admin/v1/clickhouse-mgmt/acl` # Clickhouse Access Control Lists (ACLs) Returns per-(user, company, project) Clickhouse access grants. ## Endpoint ```http GET {{LEM_adminURL}}/admin/v1/clickhouse-mgmt/acl ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 200 OK ```json [ { "username": "admin", "projectId": "emdlptxsqpdravb1cyzya6ws2", "projectName": "kafka", "companyName": "production" } ] ``` --- ## Prometheus URL **GET** `{{LEM_adminURL}}/admin/v1/prometheus` # Prometheus URL Returns LEM's Prometheus server URL, enabled state, and the configured Alert Manager URL. ## Endpoint ```http GET {{LEM_adminURL}}/admin/v1/prometheus ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Response ```json { "serverUrl": "http://10.17.3.103:9090", "enabled": true, "alertManagerUrl": null } ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 200 OK ```json { "serverUrl": "http://10.17.3.103:9090", "enabled": true, "alertManagerUrl": null } ``` --- ## Enable/Disable Prometheus URL **PUT** `{{LEM_adminURL}}/admin/v1/prometheus/enable?isEnabled=true` # Enable / Disable Prometheus URL Toggles whether Prometheus is exposed on the LEM admin surface. `isEnabled=true` enables; `false` disables. ## Endpoint ```http PUT {{LEM_adminURL}}/admin/v1/prometheus/enable?isEnabled=true ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 200 OK ```json { "code": "S", "message": null, "messageDetails": null } ``` --- ## Test Alert Manager **POST** `{{LEM_adminURL}}/admin/v1/prometheus/alert-manager/external-url-validate` # Test Alert Manager Validates that an Alert Manager URL is reachable, without persisting it. ## Endpoint ```http POST {{LEM_adminURL}}/admin/v1/prometheus/alert-manager/external-url-validate ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Request body ```json { "alertManagerUrl": "10.0.0.0:1000" } ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Request Body ```json { "alertManagerUrl": "10.0.0.0:1000" } ``` --- ## Set Alert Manager URL **POST** `{{LEM_adminURL}}/admin/v1/prometheus/alert-manager/external-url` # Set Alert Manager URL Configures the external Alert Manager URL. Pair with `Test Alert Manager` first to validate. ## Endpoint ```http POST {{LEM_adminURL}}/admin/v1/prometheus/alert-manager/external-url ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Request body ```json { "alertManagerUrl": "10.10.0.1:1000" } ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Request Body ```json { "alertManagerUrl": "10.10.0.1:1000" } ``` ### Response **Status**: 200 OK ```json { "code": "S", "message": null, "messageDetails": null } ``` --- ## Syslog Settings **GET** `{{LEM_adminURL}}/admin/v1/config/syslog/settings` # Syslog Settings Returns the configured syslog forwarding target. ## Endpoint ```http GET {{LEM_adminURL}}/admin/v1/config/syslog/settings ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Response ```json { "enabled": false, "host": "10.17.3.103", "port": 514 } ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 200 OK ```json { "enabled": false, "host": "10.17.3.103", "port": 514 } ``` --- ## Enable/Disable Logs Forwarding **POST** `{{LEM_adminURL}}/admin/v1/config/syslog/settings` # Enable / Disable Logs Forwarding Configures syslog forwarding -- the same endpoint both saves the target and toggles enabled flag. ## Endpoint ```http POST {{LEM_adminURL}}/admin/v1/config/syslog/settings ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Request body ```json { "enabled": true, "host": "10.17.3.103", "port": 514 } ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Request Body ```json { "enabled": true, "host": "10.17.3.103", "port": 514 } ``` ### Response **Status**: 201 Created --- ## Syslog Test Message **POST** `{{LEM_adminURL}}/admin/v1/config/syslog/test` # Syslog Test Message Sends a test message to the configured syslog target. ## Endpoint ```http POST {{LEM_adminURL}}/admin/v1/config/syslog/test ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Request body ```json { "message": "Test message" } ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Request Body ```json { "message": "Test message" } ``` ### Response **Status**: 200 OK --- ## Get DigiCert Settings **GET** `{{LEM_adminURL}}/admin/v1/domain/ssl/digicert/settings` # Get DigiCert Settings Returns the DigiCert IoT API integration settings used by LEM when issuing certificates to managed devices. ## Endpoint ```http GET {{LEM_adminURL}}/admin/v1/domain/ssl/digicert/settings ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Response ```json { "url": "https://one.digicert.com/iot/api/v1", "profileId": "", "passcode": null, "duration": 365 } ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 200 OK ```json { "url": "https://one.digicert.com/iot/api/v1", "profileId": "", "passcode": null, "duration": 365 } ``` --- ## Get Git Schedule Settings **GET** `{{LEM_adminURL}}/admin/v1/git/schedule` # Get Git Schedule Settings Returns the configured automatic git-sync schedule. ## Endpoint ```http GET {{LEM_adminURL}}/admin/v1/git/schedule ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Response ```json { "enable": true, "periodFrequency": "HOURLY" } ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 200 OK ```json { "enable": true, "periodFrequency": "HOURLY" } ``` --- ## Set Git Schedule Settings **POST** `{{LEM_adminURL}}/admin/v1/git/schedule` # Set Git Schedule Settings Configures the automatic git-sync schedule. `periodFrequency` is `HOURLY`, `DAILY`, ... ## Endpoint ```http POST {{LEM_adminURL}}/admin/v1/git/schedule ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Request body ```json { "enable": true, "periodFrequency": "HOURLY" } ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Request Body ```json { "enable": true, "periodFrequency": "HOURLY" } ``` ### Response **Status**: 200 OK ```json { "code": "S", "message": null, "messageDetails": null } ``` --- ## Delete Git Schedule Settings **DELETE** `{{LEM_adminURL}}/admin/v1/git/schedule` # Delete Git Schedule Settings Removes the git-sync schedule entirely. Manual syncs still work via `Sync Git Template`. ## Endpoint ```http DELETE {{LEM_adminURL}}/admin/v1/git/schedule ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 200 OK ```json { "code": "S", "message": null, "messageDetails": null } ``` --- ## Get Git Provider Config **GET** `{{LEM_adminURL}}/admin/v1/git/provider` # Get Git Provider Config Returns the configured git provider type and SSH URL. ## Endpoint ```http GET {{LEM_adminURL}}/admin/v1/git/provider ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Response ```json { "type": "GITHUB", "sshUrl": "git@github.com:username/repo.git" } ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 200 OK ```json { "type": "GITHUB", "sshUrl": "git@github.com:username/repo.git" } ``` --- ## Create/Update Git Provider Config **POST** `{{LEM_adminURL}}/admin/v1/git/provider` # Create / Update Git Provider Config Creates or replaces the git provider config. Only one provider is supported at a time -- this overrides any existing. ## Endpoint ```http POST {{LEM_adminURL}}/admin/v1/git/provider ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Request body ```json { "type": "GITHUB", "sshUrl": "git@github.com/..." } ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Request Body ```json { "type": "GITHUB", "sshUrl": "git@github.com/..." } ``` ### Response **Status**: 201 Created ```json { "type": "GITHUB", "sshUrl": "git@github.com:username/repo.git" } ``` --- ## Delete Git Provider Config **DELETE** `{{LEM_adminURL}}/admin/v1/git/provider` # Delete Git Provider Config Removes the git provider configuration. ## Endpoint ```http DELETE {{LEM_adminURL}}/admin/v1/git/provider ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Response `204 No Content` on success. ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 204 No Content --- ## Validate Provider Configuration **POST** `{{LEM_adminURL}}/admin/v1/git/provider/validate` # Validate Provider Configuration Tests a git provider configuration by attempting to connect (read + write access). ## Endpoint ```http POST {{LEM_adminURL}}/admin/v1/git/provider/validate ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Request body ```json { "type": "GITHUB", "sshUrl": "git@github.com/..." } ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Request Body ```json { "type": "GITHUB", "sshUrl": "git@github.com/..." } ``` ### Response **Status**: 200 OK ```json { "code": "S", "message": "Repository access successful", "messageDetails": "Successfully validated read and write access to repository at git@github.com:rhysnickerson-litmus/git-integration-test.git" } ``` --- ## Get Git Provider Public Key **GET** `{{LEM_adminURL}}/admin/v1/git/provider/public-key?providerType=GITHUB` # Get Git Provider Public Key Returns the SSH **public key** that LEM uses to authenticate to the git provider. Install this in the git provider's deploy-key settings (or service account) to grant LEM access. `providerType` is `GITHUB`, `GITLAB`, or `AZURE_DEVOPS`. ## Endpoint ```http GET {{LEM_adminURL}}/admin/v1/git/provider/public-key?providerType=GITHUB ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Request Body ```json { "track": true, "syncOnBackup": true } ``` ### Response **Status**: 200 OK ```json { "publicKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkcU+SRAr7Eg38ymZczzRC53IKRsa87gQVrJPzxeeAC generated-by-admin-api", "publicKeyFingerprint": "SHA256:vuJwtudKzjRlH/zIoTJ5cBcfkJHLl4+WRyWGgfGP5Zc", "privateKeyType": "ED25519" } ``` --- ## Update Git Tracking Settings **PUT** `{{LEM_adminURL}}/admin/v1/git/tracking/{{project_id}}` # Update Git Tracking Settings Updates per-project git tracking flags: whether to track the project and whether to sync on backup. ## Endpoint ```http PUT {{LEM_adminURL}}/admin/v1/git/tracking/{{project_id}} ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Request body ```json { "track": true, "syncOnBackup": true } ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Request Body ```json { "track": true, "syncOnBackup": true } ``` ### Response **Status**: 200 OK ```json { "code": "S", "message": null, "messageDetails": null } ``` --- ## Sync Git Template **POST** `{{LEM_adminURL}}/admin/v1/git/tracking/{{project_id}}/sync` # Sync Git Template Triggers a manual git sync for one project. Pair with `Get Tracking Overview (Paginated)` to observe progress. ## Endpoint ```http POST {{LEM_adminURL}}/admin/v1/git/tracking/{{project_id}}/sync ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Request body ```json {} ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Request Body ```json {} ``` ### Response **Status**: 200 OK ```json { "code": "S", "message": null, "messageDetails": null } ``` --- ## Get Tracking Overview (Paginated) **GET** `{{LEM_adminURL}}/admin/v1/git/tracking?companyName=companyName&projectId=projectId` # Get Tracking Overview (Paginated) Returns the paginated git tracking history: per-project sync status, last sync time, devices count, and async task ID. ## Endpoint ```http GET {{LEM_adminURL}}/admin/v1/git/tracking?companyName=companyName&projectId=projectId ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 200 OK ```json { "pageNum": 0, "pagesCount": 1, "size": 10, "totalSize": 1, "elements": [ { "projectId": "8apk5dk9k2stgubim64uwqxsr", "projectName": "ProjectA", "realCompanyName": "CompanyA", "companyName": "companya", "track": true, "syncOnBackup": true, "numberOfEdgeDevices": 1, "numberOfSyncedDevices": 1, "lastSyncTime": 1767974431273, "asyncSubtaskId": "83a9c422-675b-4f6f-99ac-d2256e8e2d8c", "status": "SUCCESS", "message": null, "commitHash": "e98702151edafb9d07901c7b79b6bfd65405fd37" } ] } ``` --- ## Get AI Assistant Config **GET** `{{LEM_adminURL}}/admin/v1/ai-assistant-settings` # Get AI Assistant Config Returns the current AI Assistant integration config: base URL, chat / embed model names, embedding-support flag, and any additional API headers. The API key is masked / omitted. ## Endpoint ```http GET {{LEM_adminURL}}/admin/v1/ai-assistant-settings ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 200 OK ```json { "baseUrl": "https://api.openai.com/v1", "apiKey": null, "chatModel": "gpt-4.1-mini", "embedModel": "text-embedding-ada-002", "isEmbedSupported": true, "apiHeaders": [] } ``` --- ## Update AI Assistant Config **POST** `{{LEM_adminURL}}/admin/v1/ai-assistant-settings` # Update AI Assistant Config Updates the AI Assistant config. Run `Validate AI Assistant Config` first to confirm reachability. ## Endpoint ```http POST {{LEM_adminURL}}/admin/v1/ai-assistant-settings ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Request body ```json { "baseUrl": "https://api.openai.com/v1", "apiHeaders": [{ "name": "key", "value": "value", "isProtected": true }], "apiKey": "password", "chatModel": "gpt-4.1-mini", "embedModel": "text-embedding-ada-002", "isEmbedSupported": true } ``` ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Request Body ```json { "baseUrl": "https://api.openai.com/v1", "apiHeaders": [ { "name": "key", "value": "value", "isProtected": true } ], "apiKey": "password", "chatModel": "gpt-4.1-mini", "embedModel": "text-embedding-ada-002", "isEmbedSupported": true } ``` ### Response **Status**: 200 OK ```json { "code": "S", "message": null, "messageDetails": null } ``` --- ## Validate AI Assistant Config **POST** `{{LEM_adminURL}}/admin/v1/ai-assistant-settings/validate` # Validate AI Assistant Config Validates AI Assistant settings without persisting them. ## Endpoint ```http POST {{LEM_adminURL}}/admin/v1/ai-assistant-settings/validate ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Request body Same shape as `Update AI Assistant Config`. ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Request Body ```json { "baseUrl": "https://api.openai.com/v1", "apiHeaders": [ { "name": "key", "value": null, "isProtected": true } ], "apiKey": null, "chatModel": "gpt-4.1-mini", "embedModel": "text-embedding-ada-002", "isEmbedSupported": true } ``` ### Response **Status**: 200 OK ```json { "code": "S", "message": null, "messageDetails": null } ``` --- ## Delete AI Assistant API Key **DELETE** `{{LEM_adminURL}}/admin/v1/ai-assistant-settings/apikey` # Delete AI Assistant API Key Removes the stored API key, leaving the rest of the config intact. Use to rotate secrets without re-entering everything. ## Endpoint ```http DELETE {{LEM_adminURL}}/admin/v1/ai-assistant-settings/apikey ``` ## Authentication HTTP Basic Auth. **Username** is your API token, **password** is empty. Tokens are managed under `System > Access Control > Tokens`. ## Errors | HTTP status | When it happens | |---------------------|--------------------------------------------------------------------------------| | `400 Bad Request` | Missing or malformed query/body parameter. | | `401 Unauthorized` | Missing or invalid credentials. | | `403 Forbidden` | Token lacks permission for this operation. | | `404 Not Found` | Target entity does not exist. | | `5xx` | Service is unreachable, restarting, or internally errored. Inspect device logs under `System > Support`. | > **TLS note**: edge devices use a self-signed certificate by default. Either install the device CA in your client trust store or disable certificate verification when calling this endpoint directly. ### Response **Status**: 200 OK ```json { "code": "S", "message": null, "messageDetails": null } ``` ---