Azure API Reference Guide

Below is the list of CloudCheckr API calls specific to Microsoft Azure.

Click here for additional information about CloudCheckr API methods


Other API methods


TROUBLESHOOTING

For help with troubleshooting common API issues, click here.


API CALLS

ADD AZURE CSP ACCOUNT

The API method “add_azure_csp_account” is used to register an Azure Cloud Solution Provider (CSP) account with CloudCheckr. This method will return a unique ID to enhance security for the newly created account that can be used for the parameter “use_cc_account_id” when making calls to the Admin-Level API.

IMPORTANT:

  • This call can only be made using a Admin-Level Access Key.
  • The HTTP method for this call is POST.
  • Azure parameters typically contain special characters. In order to submit as a parameter on the URL, you must URL encode it. See http://www.w3schools.com/tags/ref_urlencode.asp for more details or to URL encode an input parameter.

XML call:

https://api.cloudcheckr.com/api/account.xml/add_azure_csp_account?access_key=[access_key]

JSON call:

https://api.cloudcheckr.com/api/account.json/add_azure_csp_account?access_key=[access_key]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – Admin-Level Access Key is required for all API calls.
  • account_name (optional) – The name of the Azure account used to register with CloudCheckr.
  • azure_ad_id (optional) – Azure Active Directory ID.
  • azure_ad_user_name (optional) – Azure Active Directory Username.
  • azure_ad_user_password (optional) – Azure Active Directory Password.
  • azure_app_id (optional) – Azure Native App ID.

OUTPUT

  • account_status – Indicates success or failure about creating the account.
  • cc_account_id – The name of the account to register with CloudCheckr.
  • credential_status – Status message indicating the result of validating the Azure credentials (if provided in the request).
  • role_account_id – Role account ID.

XML Example:

<AddAccountResponseV3 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <account_status>Success</account_status>
 <cc_account_id>9999</cc_account_id>
 <credential_status>Azure credentials applied.</credential_status>
 <role_account_id>CC-99999999999999999999999999999999</role_account_id>
</AddAccountResponseV3>

JSON Example:

{
"account_status": "Success",
"cc_account_id": 9999,
"credential_status": "Azure credentials applied.",
"role_account_id": "CC-99999999999999999999999999999999",
"cc_external_id": null
}

ADD AZURE EA ACCOUNT

The API method “add_azure_ea_account” is used to  register an Azure Enterprise Agreement (EA) account with CloudCheckr. This method will return a unique ID to enhance security for the newly created account that can be used for the parameter “use_cc_account_id” when making calls to the Admin-Level API.

IMPORTANT:

  • This call can only be made using a Admin-Level Access Key.
  • The HTTP method for this call is POST.
  • Azure parameters typically contain special characters. In order to submit as a parameter on the URL, you must URL encode it. See http://www.w3schools.com/tags/ref_urlencode.asp for more details or to URL encode an input parameter.

XML call:

https://api.cloudcheckr.com/api/account.xml/add_azure_ea_account?access_key=[access_key]

JSON call:

https://api.cloudcheckr.com/api/account.json/add_azure_ea_account?access_key=[access_key]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – Admin-Level Access Key is required for all API calls.
  • account_name (optional) – The name of the Azure account used to register with CloudCheckr.
  • azure_enrollment_number (optional) – Azure enrollment number to associate with this CloudCheckr account.
  • azure_api_access_key (optional) – Azure API Access Key (token).

OUTPUT

  • account_status – Indicates success or failure about creating the account.
  • cc_account_id – The name of the account to register with CloudCheckr.
  • credential_status – Status message indicating the result of validating the Azure credentials (if provided in the request).
  • role_account_id – Role account ID.

XML Example:

<AddAccountResponseV3 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <account_status>Success</account_status>
 <cc_account_id>9999</cc_account_id>
 <credential_status>Azure credentials applied.</credential_status>
 <role_account_id>CC-99999999999999999999999999999999</role_account_id>
</AddAccountResponseV3>

JSON Example:

{
 "account_status": "Success",
 "cc_account_id": 9999,
 "credential_status": "Azure credentials applied.",
 "role_account_id": "CC-99999999999999999999999999999999",
 "cc_external_id": null
}

ADD AZURE INVENTORY ACCOUNT

The API method “add_azure_inventory_account” is used to register an Azure Subscription account with CloudCheckr. This method will return a unique ID to enhance security for the newly created account that can be used for the parameter “use_cc_account_id” when making calls to the Admin-Level API.

IMPORTANT:

  • This call can only be made using a Admin-Level Access Key.
  • The HTTP method for this call is POST.
  • Azure parameters typically contain special characters. In order to submit as a parameter on the URL, you must URL encode it. See http://www.w3schools.com/tags/ref_urlencode.asp for more details or to URL encode an input parameter.

XML call:

https://api.cloudcheckr.com/api/account.xml/add_azure_inventory_account?access_key=[access_key]

JSON call:

https://api.cloudcheckr.com/api/account.json/add_azure_inventory_account?access_key=[access_key]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – Admin-Level Access Key is required for all API calls.
  • account_name (optional) – The name of the Azure account used to register with CloudCheckr.
  • azure_ad_id (optional) – Azure Active Directory ID.
  • azure_app_id (optional) – Azure App ID.
  • azure_api_access_key (optional) – Azure API access key (token).
  • azure_subscription_id (optional) – Azure Active Directory Subscription ID.
  • azure_offer_id (optional) – Azure Offer ID.

OUTPUT

  • account_status – Indicates success or failure about creating the account.
  • cc_account_id – The name of the account to register with CloudCheckr.
  • credential_status – Status message indicating the result of validating the Azure credentials (if provided in the request).
  • role_account_id – Role account ID.

XML Example:

<AddAccountResponseV3 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <account_status>Success</account_status>
 <cc_account_id>9999</cc_account_id>
 <credential_status>Azure credentials applied.</credential_status>
 <role_account_id>CC-99999999999999999999999999999999</role_account_id>
</AddAccountResponseV3>

JSON Example:

{
 "account_status": "Success",
 "cc_account_id": 9999,
 "credential_status": "Azure credentials applied.",
 "role_account_id": "CC-99999999999999999999999999999999",
 "cc_external_id": null
}

EDIT AZURE CSP CREDENTIAL

The API method “edit_azure_csp_account” is used used to change the credentials on an Azure Cloud Solution Provider (CSP) account with CloudCheckr.

IMPORTANT:

  • This call can only be made using a Admin-Level Access Key.
  • The HTTP method for this call is POST.

XML call:

https://api.cloudcheckr.com/api/account.xml/edit_azure_csp_account?access_key=[access_key]&use_cc_account_id=[use_cc_account_id]&azure_ad_user_name=[azure_ad_user_name]&azure_ad_user_password=[azure_ad_user_password]&azure_app_id=[azure_app_id]

JSON call:

https://api.cloudcheckr.com/api/account.json/edit_azure_csp_account?access_key=[access_key]&use_cc_account_id=[use_cc_account_id]&azure_ad_user_name=[azure_ad_user_name]&azure_ad_user_password=[azure_ad_user_password]&azure_app_id=[azure_app_id]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – Admin-Level API Access Key.
  • use_cc_account_id (required) – The Account ID (Project ID) of the CloudCheckr account to update.
  • azure_ad_user_name (required) – Azure Active Directory Username.
  • azure_ad_user_password (required) – Azure Active Directory Password.
  • azure_app_id (required) – Azure Native App ID.

OUTPUT

XML & JSON Example:

{"Code":200,"Message":"Azure credentials updated."}

EDIT AZURE EA CREDENTIAL

The API method “edit_azure_ea_account” is used used to change the credentials on an Azure Enterprise Agreement (EA) account with CloudCheckr.

IMPORTANT:

  • This call can only be made using a Admin-Level Access Key.
  • The HTTP method for this call is POST.

XML call:

https://api.cloudcheckr.com/api/account.xml/edit_azure_ea_account?access_key=[access_key]&use_cc_account_id=[use_cc_account_id]&azure_enrollment_number=[azure_enrollment_number]&azure_api_access_key=[azure_api_access_key]

JSON call:

https://api.cloudcheckr.com/api/account.json/edit_azure_ea_account?access_key=[access_key]&use_cc_account_id=[use_cc_account_id]&azure_enrollment_number=[azure_enrollment_number]&azure_api_access_key=[azure_api_access_key]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – Admin-Level API Access Key.
  • use_cc_account_id (required) – The Account ID (Project ID) of the CloudCheckr account to update.
  • azure_enrollment_number (required) – Azure enrollment number to associate with this CloudCheckr account.
  • azure_api_access_key (required) – Azure API Access Key (token).

OUTPUT

XML & JSON Example:

{"Code":200,"Message":"Azure credentials updated."}

EDIT AZURE INVENTORY CREDENTIAL

The API method “edit_azure_inventory_credential” is used used to change the credentials on an Azure Subscription account with CloudCheckr.

IMPORTANT:

  • This call can only be made using a Admin-Level Access Key.
  • The HTTP method for this call is POST.

XML call:

https://api.cloudcheckr.com/api/account.xml/edit_azure_inventory_credential?access_key=[access_key]&use_cc_account_id=[use_cc_account_id]&azure_app_id=[azure_app_id]&azure_api_access_key=[azure_api_access_key]

JSON call:

https://api.cloudcheckr.com/api/account.json/edit_azure_inventory_credential?access_key=[access_key]&use_cc_account_id=[use_cc_account_id]&azure_app_id=[azure_app_id]&azure_api_access_key=[azure_api_access_key]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – Admin-Level API Access Key.
  • use_cc_account_id (required) – The Account ID (Project ID) of the CloudCheckr account to update.
  • azure_app_id (required) – Azure Native App ID.
  • azure_api_access_key (required) – Azure API access key (token).

OUTPUT

XML & JSON Example:

{"Code":200,"Message":"Azure credentials updated."}

GET BEST PRACTICES V2

The API method “best_practice/get_best_practices_v2” is used to pull the list of best practice results from a CloudCheckr account. This call will also show ignored checks and the reasons for those ignored items.

XML call:

https://api.cloudcheckr.com/api/best_practice.xml/get_best_practices_v2?access_key=[access_key]

JSON call:

https://api.cloudcheckr.com/api/best_practice.xml/get_best_practices_v2?access_key=[access_key]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – Standard Access Key required for all API calls
  • date (optional) – Date to pull the list of Best Practice results. Used to access historical data.
  • category (optional) – The category of the Best Practice report to pull. Accepts Security, Cost, Availability, and/or Usage.
  • importance (optional) – The importance level of the Best Practice checks to pull. Accepts ShowAll, High, Medium, Low, Informational, InformationAndHigher, LowAndHigher, MediumAndHigher
  • all_result (optional) – This will allow you to pull ALL results from the best practice report, even those with no issues. Accepts true or false.
  • aws_account_ids (optional; multi-account view only) – return statistics from these accounts.
  • bpc_id (optional) – This will allow you to pull results for a specific Best Practice ID number. Note: To get a list of available ID numbers, pull a list of results without specifying an ID.

OUTPUT

XML Example (AWS):

<GetBestPracticesResponse
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <BestPracticeChecks>
        <BestPracticeCheck>
            <CheckId>42</CheckId>
            <Name>Auto Scaling Groups Not Using Cooldown Period</Name>
            <ShortDescription>
Checks each Auto Scaling group to verify they are configured to utilize cooldown periods. Lists each group that does not.
</ShortDescription>
            <LongDescription>
                <p>When enabled, Auto Scaling will automatically scale EC2 capacity up or down, according to pre-defined conditions. During period of high-demand, the number of EC2 instances will increase to meet that demand. When there is little or no demand, the number of instances decreases to help minimize costs. </p>
                <p>Cooldown periods help to prevent Auto Scaling from initiating additional scaling activities before the effects of previous activities are visible. Because scaling activities are suspended when an Auto Scaling group is in cooldown, an adequate cooldown period helps to prevent a trigger from firing based on stale metrics. If a 	cool-down period is not configured, the scaling policy may scale up and down too quickly. </p>
                <p>
                    <a href="http://docs.amazonwebservices.com/AutoScaling/latest/DeveloperGuide/scaling_plan.html#scaling_policies" target="_blank">Go here to learn more.</a>
                </p>
            </LongDescription>
            <Category>Usage</Category>
            <Importance>Low</Importance>
            <CountOfResults>2</CountOfResults>
            <Ignored>true</Ignored>
            <IgnoredReason>IgnoreExample</IgnoredReason>

            <Results>
                <Result>
Auto Scaling Group: agcmgroup | Cooldown: 1 second(s) | Region: US East (Northern Virginia)
</Result>
                <Result>
Auto Scaling Group: changemon | Cooldown: 1 second(s) | Region: US East (Northern Virginia)
</Result>
            </Results>
        </BestPracticeCheck>
    </BestPracticeChecks>
    <DateOfResults>2016-01-29T15:47:56</DateOfResults>
</GetBestPracticesResponse>

JSON Example (Azure):

{
    "BestPracticeChecks": [
        {
            "Ignored": false,
            "IgnoredReason": "",
            "CheckId": 466,
            "Name": "App Service Plans with Apps with an Unknown Health Status",
            "ShortDescription": "Checks the Resource Health of each App within each App Service Plan to see to see if any are in an Unknown state.",
            "LongDescription": "

There are three different health statuses:\nAvailable: There aren't any known problems in the Azure platform that could be impacting this resource\nUnavailable: Resource health has detected issues that are impacting the resource\nUnknown: Resource health can not determine the health of a resource because it has stopped receiving information about it.\nMore information about Azure Resource Health can be found here: https://docs.microsoft.com/en-us/azure/service-health/resource-health-overview

", "Category": "Availability", "Importance": "Low", "CountOfResults": 3, "Results": [ "App Service Plan: app-plan-1 | Resource Group: app-plan-resource-group | Location: East US", "App Service Plan: app-plan-2 | Resource Group: app-plan-resource-group | Location: West US", "App Service Plan: app-plan-3 | Resource Group: app-plan-resource-group | Location: South Central US" ] }

GET RESOURCES VIRTUAL MACHINE DETAILS

The API method “get_resources_virtual_machine_details” is used to to pull the data for the List of Virtual Machines report from CloudCheckr.

JSON call:

https://api.cloudcheckr.com/api/inventory.json/get_resources_virtual_machine_details?access_key=[access_key]&use_cc_account_id=[use_cc_account_id]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – Standard Access Key required.
  • use_cc_account_id (required) – CloudCheckr account ID to use. Required if the access key represents an administrator account.
  • date (optional) – Return report from this date. If date is not defined, the most recent report will be returned. Recommended date format is mm/dd/yyyy.

OUTPUT

JSON Example:

{
    "DateOfResults": "2017-09-26T15:36:43",
    "TotalCount": 1,
    "Count": 1,
    "VirtualMachines": [
        {
			"SubscriptionId": "11111111-2222-3333-4444-555555555555",
            "LocationName": "East US",
            "Name": "ManagedDisk",
            "State": "Running",
            "Url": "/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/CLOUDCHECKR/providers/Microsoft.Compute/virtualMachines/ManagedDisk",
            "LicenseType": null,
            "VmSize": "Basic_A0",
            "Offer": "WindowsServer",
            "Sku": null,
            "Version": null,
            "OsType": "Windows",
            "DiskName": "ManagedDisk_OsDisk_1_72e7bb21920e486aa9ddc5da4532980e",
            "DIskUri": null,
            "DiskCaching": "ReadWrite",
            "DiskCreateOption": "FromImage",
            "ComputerName": "ManagedDisk",
            "Tags": [
                {
                    "TagName": "Creator",
                    "TagValue": "John Doe"
                }
            ]
        }
    ],
    "HasNext": false,
    "NextToken": ""
}