Azure API Reference Guide

Below is the list of CloudCheckr API calls specific to Microsoft Azure.

Click here for additional information about CloudCheckr API methods.


Other API Methods:


TROUBLESHOOTING

For help with troubleshooting common API issues, click here.


API CALLS

ADD AZURE CSP ACCOUNT

The API method “add_azure_csp_account” is used to register an Azure Cloud Solution Provider (CSP) account with CloudCheckr. This method will return a unique ID to enhance security for the newly created account that can be used for the parameter “use_cc_account_id” when making calls to the admin-level API.

Important:

  • This call can only be made using an admin-level access key.
  • The HTTP method for this call is POST.
  • Azure parameters typically contain special characters. In order to submit as a parameter on the URL, you must URL encode it. See http://www.w3schools.com/tags/ref_urlencode.asp for more details or to URL encode an input parameter.

XML Call:

https://api.cloudcheckr.com/api/account.xml/add_azure_csp_account?access_key=[access_key]

JSON Call:

https://api.cloudcheckr.com/api/account.json/add_azure_csp_account?access_key=[access_key]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – admin-level access key is required for all API calls.
  • account_name (optional) – the name of the Azure account used to register with CloudCheckr.
  • azure_ad_id (optional) – Azure Active Directory ID.
  • azure_ad_user_name (optional) – Azure Active Directory username.
  • azure_ad_user_password (optional) – Azure Active Directory password.
  • azure_app_id (optional) – Azure Native App ID.

OUTPUT

  • account_status – indicates success or failure about creating the account.
  • cc_account_id – the name of the account to register with CloudCheckr.
  • credential_status – status message indicating the result of validating the Azure credentials (if provided in the request).
  • role_account_id – role account ID.

XML Example:

<AddAccountResponseV3 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <account_status>Success</account_status>
 <cc_account_id>9999</cc_account_id>
 <credential_status>Azure credentials applied.</credential_status>
 <role_account_id>CC-99999999999999999999999999999999</role_account_id>
</AddAccountResponseV3>

JSON Example:

{
"account_status": "Success",
"cc_account_id": 9999,
"credential_status": "Azure credentials applied.",
"role_account_id": "CC-99999999999999999999999999999999",
"cc_external_id": null
}

ADD AZURE EA ACCOUNT

The API method “add_azure_ea_account” is used to  register an Azure Enterprise Agreement (EA) account with CloudCheckr. This method will return a unique ID to enhance security for the newly created account that can be used for the parameter “use_cc_account_id” when making calls to the admin-level API.

Important:

  • This call can only be made using an admin-level access key.
  • The HTTP method for this call is POST.
  • Azure parameters typically contain special characters. In order to submit as a parameter on the URL, you must URL encode it. See http://www.w3schools.com/tags/ref_urlencode.asp for more details or to URL encode an input parameter.

XML Call:

https://api.cloudcheckr.com/api/account.xml/add_azure_ea_account?access_key=[access_key]

JSON Call:

https://api.cloudcheckr.com/api/account.json/add_azure_ea_account?access_key=[access_key]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – admin-level access key is required for all API calls.
  • account_name (optional) – the name of the Azure account used to register with CloudCheckr.
  • azure_enrollment_number (optional) – Azure enrollment number to associate with this CloudCheckr account.
  • azure_api_access_key (optional) – Azure API access key (token).

OUTPUT

  • account_status – indicates success or failure about creating the account.
  • cc_account_id – the name of the account to register with CloudCheckr.
  • credential_status – status message indicating the result of validating the Azure credentials (if provided in the request).
  • role_account_id – role account ID.

XML Example:

<AddAccountResponseV3 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <account_status>Success</account_status>
 <cc_account_id>9999</cc_account_id>
 <credential_status>Azure credentials applied.</credential_status>
 <role_account_id>CC-99999999999999999999999999999999</role_account_id>
</AddAccountResponseV3>

JSON Example:

{
 "account_status": "Success",
 "cc_account_id": 9999,
 "credential_status": "Azure credentials applied.",
 "role_account_id": "CC-99999999999999999999999999999999",
 "cc_external_id": null
}

 


ADD AZURE INVENTORY ACCOUNT

The API method “add_azure_inventory_account” is used to register an Azure Subscription account with CloudCheckr. This method will return a unique ID to enhance security for the newly created account that can be used for the parameter “use_cc_account_id” when making calls to the admin-level API.

Important:

  • This call can only be made using an admin-level access key.
  • The HTTP method for this call is POST.
  • Azure parameters typically contain special characters. In order to submit as a parameter on the URL, you must URL encode it. See http://www.w3schools.com/tags/ref_urlencode.asp for more details or to URL encode an input parameter.

XML Call:

https://api.cloudcheckr.com/api/account.xml/add_azure_inventory_account?access_key=[access_key]

JSON Call:

https://api.cloudcheckr.com/api/account.json/add_azure_inventory_account?access_key=[access_key]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – admin-level access key is required for all API calls.
  • account_name (optional) – the name of the Azure account used to register with CloudCheckr.
  • azure_ad_id (optional) – Azure Active Directory ID.
  • azure_app_id (optional) – Azure App ID.
  • azure_api_access_key (optional) – Azure API access key (token).
  • azure_subscription_id (optional) – Azure Active Directory Subscription ID.
  • azure_offer_id (optional) – Azure Offer ID.

OUTPUT

  • account_status – indicates success or failure about creating the account.
  • cc_account_id – the name of the account to register with CloudCheckr.
  • credential_status – status message indicating the result of validating the Azure credentials (if provided in the request).
  • role_account_id – role account ID.

XML Example:

<AddAccountResponseV3 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <account_status>Success</account_status>
 <cc_account_id>9999</cc_account_id>
 <credential_status>Azure credentials applied.</credential_status>
 <role_account_id>CC-99999999999999999999999999999999</role_account_id>
</AddAccountResponseV3>

JSON Example:

{
 "account_status": "Success",
 "cc_account_id": 9999,
 "credential_status": "Azure credentials applied.",
 "role_account_id": "CC-99999999999999999999999999999999",
 "cc_external_id": null
}

AZURE – ADD CUSTOM BILLING CHARGE – FIXED

The API method, “azure_add_custom_billing_charge_fixed”, is used to add a custom billing charge that applies a fixed charge or credit in an Azure account.

To add a fixed charge or credit, go to the left navigation pane, choose Cost > Azure Partner Tools > Configure > Custom Charges, click New Custom Charge, and select Add a fixed charge or credit.


INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
startDate DateTime required; start date for the custom billing charge
endDate DateTime required/optional; end date for the custom billing charge; custom billing charges with no end date will apply until the end of time
amount decimal required; sets the fixed charge (positive value) or credit (negative value) dollar amount
oneTime string *required/optional; applies the fixed charge or credit as a one-time occurence to the custom billing charge
monthlyRecurring string *required/optional; applies the fixed credit or charge as a monthly recurring amount to the custom billing charge
name string required; name of the custom billing charge
description string required; human-friendly description of the custom billing charge
accounts List<string> optional; comma-separated list of accounts where the custom billing charge can be applied; defaults to all accounts
accountsInvert boolean optional; applies the NOT logical operator to selected accounts in the previous parameter; defaults to false
use_account string **optional/required; friendly name of the account in CloudCheckr where the custom billing charge can be applied (must be payer account!)
use_cc_account_id string **optional/required; account ID of the account in CloudCheckr where the custom billing charge can be applied (must be a payer account!)
use_aws_account_id string **optional/required; the 12-digit AWS account ID where the custom billing charge can be applied (must be payer account)

* = one of these parameters must be defined
** = one of these parameters must be defined
Note: The end date is only required if you select the Monthly recurring option.

ENDPOINT URL:

https://localhost/api/billing/[json|xml]/azure_add_custom_billing_charge_fixed

JSON/XML CALL EXAMPLE:

curl --request POST \
  'https://localhost/api/billing/[json|xml]/azure_add_custom_billing_charge_fixed?access_key=46YI9Z8T5JQR353JU63BM88AK99T0FIL67T93QSPX76303C2H17HXS3316CL2N50&use_cc_account_id=3' \
  --header 'cache-control: no-cache' \
  --header 'content-type: application/[json|xml]' \
  --data '{
	"description": "example custom billing charge",
        "name": "example name",
        "charge_value": 111.5,
        "subscriptions": ["71c1d715-a1ce-48d9-b77c-03c00b4463a71","4dc76947-2789-4149-bc29-3b7bd45ce4a8", "07d18ff4-0bea-44e8-bd86-82a7df2e91bc", "8cbaba05-bfe1-426f-b4f7-7378ea754c1e"],
	"startdate":  "1970-01-01",
        "end_date": "2063-04-05",
        "is_recurring": true }
	}

SUCCESSFUL JSON/XML RESPONSE:

{
    "Code": 200,
    "Message": "OK"
}

EDIT AZURE CSP CREDENTIAL

The API method “edit_azure_csp_account” is used used to change the credentials on an Azure Cloud Solution Provider (CSP) account with CloudCheckr.

Important:

  • This call can only be made using an admin-level access key.
  • The HTTP method for this call is POST.

XML Call:

https://api.cloudcheckr.com/api/account.xml/edit_azure_csp_account?access_key=[access_key]&use_cc_account_id=[use_cc_account_id]&azure_ad_user_name=[azure_ad_user_name]&azure_ad_user_password=[azure_ad_user_password]&azure_app_id=[azure_app_id]

JSON Call:

https://api.cloudcheckr.com/api/account.json/edit_azure_csp_account?access_key=[access_key]&use_cc_account_id=[use_cc_account_id]&azure_ad_user_name=[azure_ad_user_name]&azure_ad_user_password=[azure_ad_user_password]&azure_app_id=[azure_app_id]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – admin-level API access key.
  • use_cc_account_id (required) – the Account ID (Project ID) of the CloudCheckr account to update.
  • azure_ad_user_name (required) – Azure Active Directory username.
  • azure_ad_user_password (required) – Azure Active Directory password.
  • azure_app_id (required) – Azure Native App ID.

OUTPUT

XML & JSON Example:

{"Code":200,"Message":"Azure credentials updated."}

EDIT AZURE EA CREDENTIAL

The API method “edit_azure_ea_account” is used used to change the credentials on an Azure Enterprise Agreement (EA) account with CloudCheckr.

Important:

  • This call can only be made using an admin-level access key.
  • The HTTP method for this call is POST.

XML Call:

https://api.cloudcheckr.com/api/account.xml/edit_azure_ea_account?access_key=[access_key]&use_cc_account_id=[use_cc_account_id]&azure_enrollment_number=[azure_enrollment_number]&azure_api_access_key=[azure_api_access_key]

JSON Call:

https://api.cloudcheckr.com/api/account.json/edit_azure_ea_account?access_key=[access_key]&use_cc_account_id=[use_cc_account_id]&azure_enrollment_number=[azure_enrollment_number]&azure_api_access_key=[azure_api_access_key]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – admin-level API access key.
  • use_cc_account_id (required) – the Account ID (Project ID) of the CloudCheckr account to update.
  • azure_enrollment_number (required) – Azure enrollment number to associate with this CloudCheckr account.
  • azure_api_access_key (required) – Azure API access key (token).

OUTPUT

XML & JSON Example:

{"Code":200,"Message":"Azure credentials updated."}

EDIT AZURE INVENTORY CREDENTIAL

The API method “edit_azure_inventory_credential” is used used to change the credentials on an Azure Subscription account with CloudCheckr.

Important:

  • This call can only be made using an admin-level access key.
  • The HTTP method for this call is POST.

XML Call:

https://api.cloudcheckr.com/api/account.xml/edit_azure_inventory_credential?access_key=[access_key]&use_cc_account_id=[use_cc_account_id]&azure_app_id=[azure_app_id]&azure_api_access_key=[azure_api_access_key]

JSON Call:

https://api.cloudcheckr.com/api/account.json/edit_azure_inventory_credential?access_key=[access_key]&use_cc_account_id=[use_cc_account_id]&azure_app_id=[azure_app_id]&azure_api_access_key=[azure_api_access_key]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – admin-level API access key.
  • use_cc_account_id (required) – Tthe Account ID (Project ID) of the CloudCheckr account to update.
  • azure_app_id (required) – Azure Native App ID.
  • azure_api_access_key (required) – Azure API access key (token).

OUTPUT

XML & JSON Example:

{"Code":200,"Message":"Azure credentials updated."}

GET BEST PRACTICES V2

The API method “best_practice/get_best_practices_v2” is used to pull the list of best practice results from a CloudCheckr account. This call will also show ignored checks and the reasons for those ignored items.

XML Call:

https://api.cloudcheckr.com/api/best_practice.xml/get_best_practices_v2?access_key=[access_key]

JSON Call:

https://api.cloudcheckr.com/api/best_practice.xml/get_best_practices_v2?access_key=[access_key]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – standard access key required for all API calls.
  • date (optional) – date to pull the list of Best Practice results. Used to access historical data.
  • category (optional) – the category of the Best Practice report to pull. Accepts Security, Cost, Availability, and/or Usage.
  • importance (optional) – the importance level of the Best Practice checks to pull. Accepts ShowAll, High, Medium, Low, Informational, InformationAndHigher, LowAndHigher, and MediumAndHigher.
  • all_result (optional) – this will allow you to pull all results from the best practice report, even those with no issues. Accepts true or false.
  • aws_account_ids (optional; multi-account view only) – return statistics from these accounts.
  • bpc_id (optional) – this will allow you to pull results for a specific Best Practice ID number.

    Note: To get a list of available ID numbers, pull a list of results without specifying an ID.

OUTPUT

XML Example:

<GetBestPracticesResponse
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <BestPracticeChecks>
        <BestPracticeCheck>
            <CheckId>42</CheckId>
            <Name>Auto Scaling Groups Not Using Cooldown Period</Name>
            <ShortDescription>
Checks each Auto Scaling group to verify they are configured to utilize cooldown periods. Lists each group that does not.
</ShortDescription>
            <LongDescription>
                <p>When enabled, Auto Scaling will automatically scale EC2 capacity up or down, according to pre-defined conditions. During period of high-demand, the number of EC2 instances will increase to meet that demand. When there is little or no demand, the number of instances decreases to help minimize costs. </p>
                <p>Cooldown periods help to prevent Auto Scaling from initiating additional scaling activities before the effects of previous activities are visible. Because scaling activities are suspended when an Auto Scaling group is in cooldown, an adequate cooldown period helps to prevent a trigger from firing based on stale metrics. If a 	cool-down period is not configured, the scaling policy may scale up and down too quickly. </p>
                <p>
                    <a href="http://docs.amazonwebservices.com/AutoScaling/latest/DeveloperGuide/scaling_plan.html#scaling_policies" target="_blank">Go here to learn more.</a>
                </p>
            </LongDescription>
            <Category>Usage</Category>
            <Importance>Low</Importance>
            <CountOfResults>2</CountOfResults>
            <Ignored>true</Ignored>
            <IgnoredReason>IgnoreExample</IgnoredReason>

            <Results>
                <Result>
Auto Scaling Group: agcmgroup | Cooldown: 1 second(s) | Region: US East (Northern Virginia)
</Result>
                <Result>
Auto Scaling Group: changemon | Cooldown: 1 second(s) | Region: US East (Northern Virginia)
</Result>
            </Results>
        </BestPracticeCheck>
    </BestPracticeChecks>
    <DateOfResults>2016-01-29T15:47:56</DateOfResults>
</GetBestPracticesResponse>

JSON Example:

{
    "BestPracticeChecks": [
        {
            "Ignored": false,
            "IgnoredReason": "",
            "CheckId": 466,
            "Name": "App Service Plans with Apps with an Unknown Health Status",
            "ShortDescription": "Checks the Resource Health of each App within each App Service Plan to see to see if any are in an Unknown state.",
            "LongDescription": "

There are three different health statuses:\nAvailable: There aren’t any known problems in the Azure platform that could be impacting this resource\nUnavailable: Resource health has detected issues that are impacting the resource\nUnknown: Resource health can not determine the health of a resource because it has stopped receiving information about it.\nMore information about Azure Resource Health can be found here: https://docs.microsoft.com/en-us/azure/service-health/resource-health-overview

“, “Category”: “Availability”, “Importance”: “Low”, “CountOfResults”: 3, “Results”: [ “App Service Plan: app-plan-1 | Resource Group: app-plan-resource-group | Location: East US”, “App Service Plan: app-plan-2 | Resource Group: app-plan-resource-group | Location: West US”, “App Service Plan: app-plan-3 | Resource Group: app-plan-resource-group | Location: South Central US” ] }


GET RESOURCES VIRTUAL MACHINE DETAILS

The API method “get_resources_virtual_machine_details” is used to to pull the data for the list of Virtual Machines report from CloudCheckr.

JSON Call:

https://api.cloudcheckr.com/api/inventory.json/get_resources_virtual_machine_details?access_key=[access_key]&use_cc_account_id=[use_cc_account_id]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – standard access key required.
  • use_cc_account_id (required) – CloudCheckr account ID to use. Required if the access key represents an administrator account.
  • date (optional) – return report from this date. If date is not defined, the most recent report will be returned. Recommended date format is mm/dd/yyyy.

OUTPUT

JSON Example:

{
    "DateOfResults": "2017-09-26T15:36:43",
    "TotalCount": 1,
    "Count": 1,
    "VirtualMachines": [
        {
			"SubscriptionId": "11111111-2222-3333-4444-555555555555",
            "LocationName": "East US",
            "Name": "ManagedDisk",
            "State": "Running",
            "Url": "/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/CLOUDCHECKR/providers/Microsoft.Compute/virtualMachines/ManagedDisk",
            "LicenseType": null,
            "VmSize": "Basic_A0",
            "Offer": "WindowsServer",
            "Sku": null,
            "Version": null,
            "OsType": "Windows",
            "DiskName": "ManagedDisk_OsDisk_1_72e7bb21920e486aa9ddc5da4532980e",
            "DIskUri": null,
            "DiskCaching": "ReadWrite",
            "DiskCreateOption": "FromImage",
            "ComputerName": "ManagedDisk",
            "PrivateDnsName": null,
            "PrivateIpAddress": null,
            "PublicDnsName": null,
            "PublicIpAddress": null,
            "SubnetId": null,
            "AvgCpuForLast7Days": 1.9828732800284399,
            "AvgCpuForLast30Days": null,
            "AvgCpuForLast90Days": null,
            "HighCpuPercent": 90,
            "LowCpuPercent": 5,
            "AvgNetworkInLast30Days": null,
            "AvgNetworkOutLast30Days": null,
            "HoursCpuUtilAbove80": 0,
            "HoursCpuUtilBelow80": 0,
            "HoursCpuUtilBelow60": 0,
            "HoursCpuUtilBelow40": 0,
            "HoursCpuUtilBelow20": 0,
            "HoursHighCpuLast7Days": 0,
            "HoursHighCpuLast30Days": 0,
            "HoursHighCpuLast90Days": null,
            "HoursLowCpuLast7Days": 0,
            "HoursLowCpuLast30Days": 0,
            "HoursLowCpuLast90Days": null,
            "HoursRunningLast7Days": null,
            "HoursRunningLast30Days": null,
            "HoursRunningLast90Days": null,
            "MinimumCpuUtilization": null,
            "MinimumCpuUtilizationDateTime": null,
            "PeakCpuUtilization": null,
            "PeakCpuUtilizationDateTime": null,
            "Tags": [
                {
                    "TagName": "Creator",
                    "TagValue": "John Doe"
                }
            ]
        }
    ],
    "HasNext": false,
    "NextToken": ""
}