API
The Guacamole server offers a RESTful API to access and modify the underlying data store. API calls are secured using an access token which can be obtained by calling the /api/tokens
endpoint. The following bash script assumes that you are executing the calls from within the Guacamole instance. You can replace localhost
with the hostname of the Guacamole instance if these requests are made remotely.
# Replace PASSWORD with the password of the guacadmin user
# Tokens expire after 60 minutes of inactivity
export TOKEN=$(curl -s -k -X POST https://localhost/api/tokens -d 'username=guacadmin&password=PASSWORD' | jq -r .authToken)
# Create a new user
curl -s -k -X POST -H 'guacamole-token: '$TOKEN -H 'Content-Type: application/json' https://localhost/api/session/data/mysql/users --data-binary '{"password":"testpassword","username":"newuser","attributes":{}}'
# Update the password of the user
curl -s -k -X PUT -H 'guacamole-token: '$TOKEN -H 'Content-Type: application/json' https://localhost/api/session/data/mysql/users/newuser --data-binary '{"password":"testpassword","username":"newuser","attributes":{}}'
# Get connection groups and connections, required for the next step
curl -s -k -X GET -H 'guacamole-token: '$TOKEN -H 'Content-Type: application/json' https://localhost/api/session/data/mysql/connectionGroups/ROOT/tree
# Update permissions on groups and connections
curl -s -k -X PATCH -H 'guacamole-token: '$TOKEN -H 'Content-Type: application/json' https://localhost/api/session/data/mysql/users/newuser/permissions --data-binary '[{"op":"add","path":"/connectionPermissions/1","value":"READ"},{"op":"add","path":"/connectionGroupPermissions/1","value":"READ"},{"op":"add","path":"/connectionGroupPermissions/2","value":"READ"}]'