Skip to main content

API

The Guacamole server offers a RESTful API to access and modify the underlying data store. API calls are secured using an access token which can be obtained by calling the /api/tokens endpoint. The following bash script assumes that you are executing the calls from within the Guacamole instance. You can replace localhost with the hostname of the Guacamole instance if these requests are made remotely.

# Replace PASSWORD with the password of the guacadmin user
# Tokens expire after 60 minutes of inactivity
export TOKEN=$(curl -s -k -X POST https://localhost/api/tokens -d 'username=guacadmin&password=PASSWORD' | jq -r .authToken)

# Create a new user
curl -s -k -X POST -H 'guacamole-token: '$TOKEN -H 'Content-Type: application/json' https://localhost/api/session/data/mysql/users --data-binary '{"password":"testpassword","username":"newuser","attributes":{}}'

# Update the password of the user
curl -s -k -X PUT -H 'guacamole-token: '$TOKEN -H 'Content-Type: application/json' https://localhost/api/session/data/mysql/users/newuser --data-binary '{"password":"testpassword","username":"newuser","attributes":{}}'

# Get connection groups and connections, required for the next step
curl -s -k -X GET -H 'guacamole-token: '$TOKEN -H 'Content-Type: application/json' https://localhost/api/session/data/mysql/connectionGroups/ROOT/tree

# Update permissions on groups and connections
curl -s -k -X PATCH -H 'guacamole-token: '$TOKEN -H 'Content-Type: application/json' https://localhost/api/session/data/mysql/users/newuser/permissions --data-binary '[{"op":"add","path":"/connectionPermissions/1","value":"READ"},{"op":"add","path":"/connectionGroupPermissions/1","value":"READ"},{"op":"add","path":"/connectionGroupPermissions/2","value":"READ"}]'