Yurbi API Reference

Authentication

Log in

POST /api/login/DoLogin

Authenticate a user and receive a session token. On success the token is in LoginSession.SessionToken and ErrorCode is 0. On bad credentials the call returns ErrorCode 101 with message "Login Failed - Username or Password is invalid." and a null LoginSession.

Common use: Start here. Run this once, copy the returned token into the Session token field at the top of the page, and every other sample is ready to send. bolForceLogin is legacy — always send true.

Body parameters

UserIdstring	Required	The user's login name.
UserPasswordstring	Required	The user's PIN / password.
isGuestboolean	Required	Set true only for a guest login; otherwise false.
bolForceLoginboolean	Required	Legacy flag — always send true.

Edit any value, then Send Invalid JSON

Response

Example response

{
  "ErrorCode": 0,
  "ErrorMessage": "",
  "LoginSession": {
    "SessionToken": "ZJDWEGWKNWMBINE[W[RPBTGBO",
    "SessionFlag": 0,
    "isGuestSession": false,
    "SessionExpir": "2025-09-02T13:27:43.382837-04:00"
  }
}

Authentication

Check session

POST /api/Session/CheckSession

Confirm a session token is still valid. Use this before a long-running job, or to decide whether you need to log in again.

Common use: Cheap to call. A common pattern: check the session, and if it's expired, silently re-run Log in before continuing.

Requires a session token in the request body.

Body parameters

sessionTokenstring

Required

The session token to validate.

Edit any value, then Send Invalid JSON

Response

Example response

{
  "IsValid": true,
  "ErrorCode": 0,
  "ErrorMessage": null
}

Authentication

Log out

POST /api/login/DoLogout

End a session and release its token. Good hygiene for short-lived sessions created by automation.

Common use: Call this when a script finishes so you don't leave sessions open on the server.

Requires a session token in the request body.

Body parameters

sessionTokenstring

Required

The session token to end.

Edit any value, then Send Invalid JSON

Response

Example response

{
  "ErrorCode": 0,
  "ErrorMessage": null
}

Users

New user template

POST /api/Contact/NewContact

Return a blank user object pre-filled with sensible defaults. The recommended starting point for creating a user — fetch this template, fill in the fields, then post it to SaveContact.

Common use: Avoid guessing the user shape: get the template here, set LoginName / names / Pin, and send it straight to Create or update a user.

Requires a session token in the request body.

Body parameters

sessionTokenstring

Required

A valid admin session token.

Edit any value, then Send Invalid JSON

Response

Example response

{
  "ErrorCode": 0,
  "ID": null,
  "LoginName": "",
  "FirstName": "",
  "LastName": "",
  "AuthType": "PIN",
  "twofa": "none",
  "SecurityGroups": []
}

Users

Create or update a user

POST /api/Contact/SaveContact

Create a new user, or update an existing one. Send the user inside a user object with ID: null to create, or an existing ID to update. Requires an admin session token.

Common use: Recommended flow: call NewContact first to get a template, fill it in, then post it here. Leave SecurityGroups empty and manage membership with the Group endpoints (AddUser / RemoveUser).

Requires a session token in the request body.

Body parameters

sessionTokenstring	Required	A valid admin session token.
user.FirstNamestring	Required	First name.
user.LastNamestring	Required	Last name.
user.LoginNamestring	Required	The user's login name.
user.Pinstring	Required	The user's password.
user.AuthTypestring	Required	"PIN" unless using Windows AD authentication.
user.timezoneinteger	Required	Numeric timezone offset, e.g. -5.
user.timezonenamestring	Required	Timezone name, e.g. "Eastern Standard Time".
user.twofastring	Required	"none" unless configuring 2FA.
user.SecurityGroupsarray	Required	Leave empty []; manage membership via the Group endpoints.
withpinboolean	Required	Send true when the password is supplied in user.Pin.

Edit any value, then Send Invalid JSON

Response

Example response

{
  "ErrorCode": 0,
  "ErrorMessage": "",
  "ID": "639046099446490166",
  "LoginName": "jsmith405",
  "FirstName": "Jane",
  "LastName": "Smith",
  "isAdmin": false
}

Users

List users

POST /api/Contact/GetContactList

Return every user on the instance, with profile and role flags (LoginName, EmailAddress, isAdmin, and more). Find a user's ID here before updating them with SaveContact.

Common use: Look up an existing admin by login name, or confirm whether a user already exists before creating one.

Requires a session token in the request body.

Body parameters

sessionTokenstring

Required

A valid admin session token.

Edit any value, then Send Invalid JSON

Response

Example response

[
  {
    "ID": "482",
    "LoginName": "jdoe",
    "EmailAddress": "jdoe@acme.com",
    "isAdmin": true
  },
  {
    "ID": "483",
    "LoginName": "msmith",
    "EmailAddress": "msmith@acme.com",
    "isAdmin": false
  }
]

Groups & Roles

Create or update a group

POST /api/Group/SaveSecurityGroup

Create a security group, or update an existing one. Send GroupId: null to create. For a new group, leave AllUsers and AllRoles empty and add members with AddUser. Updating an existing group this way is not recommended — use AddUser / RemoveUser for membership.

Common use: Create a tenant's group once, then manage who's in it (and their role) through the AddUser / RemoveUser endpoints.

Requires a session token in the request body.

Body parameters

sessionTokenstring	Required	A valid admin session token.
group.GroupNamestring	Required	Name of the security group.
group.GroupDescriptionstring	Required	Group description.
group.GroupStatusinteger	Required	Legacy field — set to 0.
group.AllUsersarray	Required	Leave [] for a new group; populate via AddUser.
group.AllRolesarray	Required	Leave [] for a new group; populate via AddUser.

Edit any value, then Send Invalid JSON

Response

Example response

{
  "ErrorCode": 0,
  "ErrorMessage": "",
  "GroupId": "16",
  "GroupName": "Acme — Customer A"
}

Groups & Roles

Add user to group

POST /api/Group/AddUser

Add a user to a security group with a specific role. Roles: 1 Admin (full access), 2 View (read-only), 3 Modify (edit), 4 Delete. Returns a plain-text result; errors include "GroupId/ContactId/RoleId is required.", "Invalid session.", and "Permission Denied."

Common use: The recommended way to grant access: pick the group, the user (ContactId from List users), and the role to assign.

Requires a session token in the request body.

Body parameters

sessionTokenstring	Required	A valid admin session token.
GroupIdstring	Required	The group's ID.
ContactIdstring	Required	The user's ID (from List users).
RoleIdstring	Required	Role to assign: "1" Admin, "2" View, "3" Modify, "4" Delete.

Edit any value, then Send Invalid JSON

Response

Example response

"User Added Successfully."

Groups & Roles

Remove user from group

POST /api/Group/RemoveUser

Remove a user from a security group. Returns a plain-text result — "User Removed Successfully." on success; errors include "GroupId/ContactId is required.", "Invalid session.", and "Permission Denied."

Common use: Revoke a user's access to a group's resources without deleting the user.

Requires a session token in the request body.

Body parameters

sessionTokenstring	Required	A valid admin session token.
GroupIdstring	Required	The group's ID.
ContactIdstring	Required	The user's ID.

Edit any value, then Send Invalid JSON

Response

Example response

"User Removed Successfully."

AppShield

Add group to policy

POST /api/AppShield/AddGroup

Attach a security group to an AppShield data-security policy. Requires a valid admin session; the policy and group must already exist. Returns plain text: Success, or Group is already a member if it was already attached. Errors: "Group not found.", "Policy not found.", "Invalid Session.", "GroupId is required.", "policyid is required.", "Permission Denied."

Common use: Wire a tenant's group into the policy that scopes their data — the integration step that makes AppShield enforce isolation for that group.

Requires a session token in the request body.

Body parameters

sessionTokenstring	Required	A valid admin session token.
policyidstring	Required	ID of the AppShield policy. Must exist.
groupidstring	Required	ID of the security group to add. Must exist.

Edit any value, then Send Invalid JSON

Response

Example response

"Success"

AppShield

Remove group from policy

POST /api/AppShield/RemoveGrp

Detach a security group from an AppShield data-security policy. Requires a valid admin session; the policy and group must exist. Returns plain text: Success, or No Changes if the group was not attached to the policy. Errors: "Group not found.", "Policy not found.", "Invalid Session.", "GroupId is required.", "policyid is required.", "Permission Denied."

Common use: Stop a policy from applying to a group — e.g. when offboarding a tenant or restructuring access.

Requires a session token in the request body.

Body parameters

sessionTokenstring	Required	A valid admin session token.
policyidstring	Required	ID of the AppShield policy. Must exist.
groupidstring	Required	ID of the security group to remove. Must exist.

Edit any value, then Send Invalid JSON

Response

Example response

"Success"

Apps & Servers

List apps

POST /api/App/GetApplicationList

Return every application (app) defined on the instance, with its ID and name. Use the IDs when granting a user access in SaveContact.

Common use: Fetch this first when creating users, so you can grant access to the right apps by ID instead of guessing.

Requires a session token in the request body.

Body parameters

sessionTokenstring

Required

A valid session token.

Edit any value, then Send Invalid JSON

Response

Example response

[
  {
    "ID": "52",
    "Name": "Yurbi v10"
  },
  {
    "ID": "61",
    "Name": "Sales Reporting"
  }
]

Apps & Servers

List registered servers

POST /api/RegServers/GetAdminRegisteredServers

Return the registered server (data source) records an admin can manage — including database host, name, and the linked report module. This is the record you edit, then save back with SaveRegSrv.

Common use: Always read-modify-write: fetch the record here, change only the fields you need, then post the whole object to Update an app.

Requires a session token in the request body.

Body parameters

sessionTokenstring

Required

A valid admin session token.

Edit any value, then Send Invalid JSON

Response

Example response

[
  {
    "ID": "1",
    "DatabaseServer": "db.internal",
    "AppName": "Audit App",
    "ReportModule": {
      "ID": "52",
      "Name": "Yurbi v10"
    }
  }
]

Apps & Servers

Update an app

POST /api/RegServers/SaveRegSrv

Save a registered server record. The API replaces the full record, so fetch it with GetAdminRegisteredServers first, change the fields you need, and post the complete object back inside regserver.

Common use: Point an app at a different database after a migration: pull the record, swap DatabaseServer, save it back.

Requires a session token in the request body.

Body parameters

sessionTokenstring	Required	A valid admin session token.
regserverobject	Required	The full registered-server record to save.
bsaveasanydbboolean	Optional	Save against any database type. Defaults to false.

Edit any value, then Send Invalid JSON

Response

Example response

{
  "ID": "1",
  "DatabaseServer": "db.newhost.internal",
  "ErrorCode": 0,
  "ErrorMessage": null
}

Email (SMTP)

Get SMTP settings

POST /api/SMTP/GetSMTP

Return the instance's current outbound email (SMTP) configuration — host, port, from address, security, and credentials. This is the record you edit and post back with SaveSMTP.

Common use: Read-modify-write: fetch the current settings here, change only what you need, then save them back. Also returns the SMTPId needed by DeleteSMTP.

Requires a session token in the request body.

Body parameters

sessionTokenstring

Required

A valid admin session token.

Edit any value, then Send Invalid JSON

Response

Example response

{
  "SMTPId": "1",
  "SMTPHost": "smtp.acme.com",
  "SMTPPort": "587",
  "SMTPFromAddress": "noreply@acme.com",
  "SMTPRequiredSecurity": "TLS",
  "SMTPUserName": "smtp-user",
  "SMTPEnableSSL": true,
  "ErrorCode": 0,
  "ErrorMessage": null
}

Email (SMTP)

Save SMTP settings

POST /api/SMTP/SaveSMTP

Save the outbound email (SMTP) configuration. Send the full smtp object — fetch the current one with GetSMTP first, change the fields you need, and post it back.

Common use: Point the instance at a new mail relay: pull the settings, update host/port/credentials, save. Scheduled reports and alerts use this server.

Requires a session token in the request body.

Body parameters

sessionTokenstring	Required	A valid admin session token.
smtpobject	Required	The SMTP settings: SMTPHost, SMTPPort, SMTPFromAddress, SMTPRequiredSecurity, SMTPUserName, SMTPPassword, SMTPEnableSSL.

Edit any value, then Send Invalid JSON

Response

Example response

{
  "SMTPId": "1",
  "ErrorCode": 0,
  "ErrorMessage": null
}

Email (SMTP)

Delete SMTP settings

POST /api/SMTP/DeleteSMTP

Remove the configured SMTP settings. Pass the smtp object returned by GetSMTP (it carries the SMTPId that identifies the record to delete).

Common use: Clear email config before reconfiguring from scratch. Call GetSMTP first — if there's no SMTPId, nothing is configured and there's nothing to delete.

Requires a session token in the request body.

Body parameters

sessionTokenstring	Required	A valid admin session token.
smtpobject	Required	The SMTP record to delete, including its SMTPId (from GetSMTP).

Edit any value, then Send Invalid JSON

Response

Example response

{
  "ErrorCode": 0,
  "ErrorMessage": null
}

Instance Settings

Get instance settings

POST /api/AppSettings/GetAppSettings

Return the instance-wide settings object — including MaxRecords (the row cap applied to queries) and SchedulerMode. This is the record you edit and post back with SaveAppSettings.

Common use: Always read-modify-write: SaveAppSettings replaces the whole record, so fetch it here first and change only the fields you need.

Requires a session token in the request body.

Body parameters

sessionTokenstring

Required

A valid admin session token.

Edit any value, then Send Invalid JSON

Response

Example response

{
  "MaxRecords": 50000,
  "SchedulerMode": 1,
  "ErrorCode": 0,
  "ErrorMessage": null
}

Instance Settings

Save instance settings

POST /api/AppSettings/SaveAppSettings

Save the instance-wide settings. The API replaces the full record, so fetch it with GetAppSettings first, change the fields you need (e.g. MaxRecords), and post the complete object back inside appsettings.

Common use: Raise or lower the global row cap: pull settings, set MaxRecords, save. Numeric fields must be sent as numbers, not strings.

Requires a session token in the request body.

Body parameters

sessionTokenstring	Required	A valid admin session token.
appsettingsobject	Required	The full settings object to save, e.g. MaxRecords (integer), SchedulerMode (integer).

Edit any value, then Send Invalid JSON

Response

Example response

{
  "MaxRecords": 50000,
  "SchedulerMode": 1,
  "ErrorCode": 0,
  "ErrorMessage": null
}

Instance Settings

Get audit types

POST /api/Audit/GetAuditTypes

Return the list of audit event types and their retention settings. The response is an array — the same shape you post back, edited, to SaveAuditTypes.

Common use: Fetch the current audit types before changing retention, so you save back the complete, modified list rather than a partial one.

Requires a session token in the request body.

Body parameters

sessionTokenstring

Required

A valid admin session token.

Edit any value, then Send Invalid JSON

Response

Example response

[
  {
    "AuditTypeId": "1",
    "Name": "Login",
    "RetentionDays": 90
  },
  {
    "AuditTypeId": "2",
    "Name": "Report Run",
    "RetentionDays": 90
  }
]

Instance Settings

Save audit types

POST /api/Audit/SaveAuditTypes

Save audit event types and their retention. Send the full list in AuditTypeList — fetch it with GetAuditTypes first, adjust retention, and post the complete array back.

Common use: Apply a uniform retention policy: pull the list, set RetentionDays on each type, save the whole list back.

Requires a session token in the request body.

Body parameters

sessionTokenstring	Required	A valid admin session token.
AuditTypeListarray	Required	The full list of audit type objects to save (from GetAuditTypes, modified).

Edit any value, then Send Invalid JSON

Response

Example response

{
  "ErrorCode": 0,
  "ErrorMessage": null
}

Licensing

Refresh licenses

POST /api/LicenseManager/RefreshInstalledLicenses

Tell the instance to re-read its installed licenses. Run this after a license change so the server picks up new entitlements without a restart.

Common use: Part of an automated deploy: after applying a new license, call this so seat counts and feature flags take effect immediately.

Requires a session token in the request body.

Body parameters

sessionTokenstring

Required

A valid admin session token.

Edit any value, then Send Invalid JSON

Response

Example response

{
  "Refreshed": true,
  "ErrorCode": 0,
  "ErrorMessage": null
}

Licensing

Get installation ID

POST /api/LicenseManager/GetInstallationID

Return this instance's unique installation ID. This identifier ties the running instance to its license.

Common use: A safe, read-only health check that an instance is up and authenticating — and the value you reference when working with licensing.

Requires a session token in the request body.

Body parameters

sessionTokenstring

Required

A valid admin session token.

Edit any value, then Send Invalid JSON

Response

Example response

{
  "InstallationID": "a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d",
  "ErrorCode": 0,
  "ErrorMessage": null
}