REST API overview
Adaxes REST API makes it possible to interact with Adaxes over HTTP. It enables you to perform operations in Active Directory, Exchange, Microsoft 365, and benefit from Adaxes functionality, like business rules or property patterns. For example, you can send a request to create a user account, and Adaxes will work through the entire user provisioning process, based on the automated workflows you have configured.
To start using Adaxes REST API, you need to install the REST API component. The base URL for your REST API is determined during the installation and consists of the DNS host name of the computer where the component is installed, and the IIS virtual directory name specified during the installation. For example:
REST API will work out-of-the-box after installing it. Configuring REST API primarily means disabling certain API features for security reasons or otherwise. For example, you can disallow user deletion via REST API, or disallow executing a specific custom command. Here is a list of settings you can configure:
- Restrict access to REST API
- Restrict allowed operations and custom commands
- Restrict access to directory objects
- Configure brute force protection
- Change authentication timeout
- Specify property for object display names
If you have multiple instances of Adaxes service that share common configuration, the REST API will take advantage of the load balancing and fault tolerance mechanism of Adaxes. A REST API client (e.g. your custom application) is not bound to a single Adaxes service. If the client stops sending requests for several minutes, Adaxes will reevaluate which service should handle new requests, based on its load balancing algorithm. If the currently used service becomes unresponsive, the requests will be automatically redirected to the next available service that shares common configuration. One more thing to note — if REST API component and an instance of Adaxes service are installed on the same computer, requests will always be processed by the local service instance if it is available.
To authenticate to Adaxes REST API you need the credentials of a user account from a domain managed by Adaxes. We recommend to create a dedicated service account to use with REST API and, optionally, restrict authentication of all other accounts.
For details on how to authenticate to Adaxes REST API, see Authentication.
The ~ symbol represents your REST API base URL in all requests referenced in this documentation. The complete URL for each request varies depending on the endpoint of the resource you need to access. The following table lists all available requests and corresponding endpoints:
|Get directory object||GET||~/api/directoryObjects|
|Create directory object||POST||~/api/directoryObjects|
|Modify directory object||PATCH||~/api/directoryObjects|
|Move directory object||POST||~/api/directoryObjects/move|
|Delete directory object||DELETE||~/api/directoryObjects|
|Get group members||GET||~/api/directoryObjects/groupMembers|
|Add group member||POST||~/api/directoryObjects/groupMembers|
|Remove group member||DELETE||~/api/directoryObjects/groupMembers|
|Reset user password||POST||~/api/directoryObjects/resetPassword|
|Change user password||POST||~/api/directoryObjects/changePassword|
|Execute custom command||POST||~/api/directoryObjects/executeCustomCommand|
|Get business unit members||GET||~/api/directoryObjects/businessUnitMembers|
|Get Exchange recipient information||GET||~/api/directoryObjects/exchange/recipientInfo|
|Create Exchange mailbox||POST||~/api/directoryObjects/exchange/mailbox|
|Delete Exchange mailbox||DELETE||~/api/directoryObjects/exchange/mailbox|