HOWTO: Get Webroot Endpoints using Unity REST API and PowerShell

Webroot has recently released a new REST API that allows us as administrators to pull detailed endpoint data programmatically. What this effectively means is that all of the information that is presented to us in the Webroot Global Site Manager can now be extracted directly and integrated into other processes. I very much wanted a script that would be able be able to run on a scheduled task and compare all the systems in Active Directory with those registered in Webroot and then report on those AD systems that either do not have Webroot installed or haven’t checked in for more than a week.

It took some reading and trial and error but I managed to create a PowerShell script that can connect to Webroot and pull all of the details for every endpoint for a given keycode into an object which you can then do whatever you want with. I figured I’d save you the frustration of figuring out how to make this. Of course this code is presented as is. It’s working for me but your mileage may vary.

Here’s how it works:

1) You specify the Keycode you want to report on and provide your regular end user credentials as well as a special API client ID and password which you can create in the GSM
2) The script will then request a REST API token which is valid for 300 seconds
3) It will then use that token to request the siteID of the specified keycode
4) It will then use that siteid to grab all of the endpoints and their details for every endpoint associated with the given keycode and display the results

If you find this useful, let me know in the comments.

# The base URL for which all REST operations will be performed against
$BaseURL = 'https://unityapi.webrootcloudav.com'

# The keycode for the site that you wish to extract endpoint details from
$Keycode = 'AAAA-BBBB-CCCC-DDDD-EEEE'

# An administrator user for your Webroot portal -- this is typically the same user you use to login to the main portal
$WebrootUser = 'user@company.com'

# This is typically the same password used to log into the main portal
$WebrootPassword = 'mypassword'

# This must have previously been generated from the Webroot GSM for the site you wish to view
$APIClientID = 'client_abcdefgh@company.com'
$APIPassword = 'generatedpassword'

# You must first get a token which will be good for 300 seconds of future queries.  We do that from here
$TokenURL = "$BaseURL/auth/token"

# Once we have the token, we must get the SiteID of the site with the keycode we wish to view Endpoints from
$SiteIDURL = "$BaseURL/service/api/console/gsm/$KeyCode/sites"

# All Rest Credentials must be first converted to a base64 string so they can be transmitted in this format
$Credentials = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($APIUsername+":"+$APIPassword ))

write-host "Processing connection 1 of 3 (Obtain an access token)" -ForegroundColor Green
$Params = @{
            "ErrorAction" = "Stop"
            "URI" = $TokenURL
            "Headers" = @{"Authorization" = "Basic "+ $Credentials}
            "Body" = @{
                          "username" = $WebrootUser
                          "password" = $WebrootPassword
                          "grant_type" = 'password'
                          "scope" = '*'
                        }
            "Method" = 'post'
            "ContentType" = 'application/x-www-form-urlencoded'
            }

$AccessToken = (Invoke-RestMethod @Params).access_token

write-host "Processing connection 2 of 3 (Obtain the site ID for the provided keycode)" -ForegroundColor Green
$Params = @{
            "ErrorAction" = "Stop"
            "URI" = $SiteIDURL
            "ContentType" = "application/json"
            "Headers" = @{"Authorization" = "Bearer "+ $AccessToken}
            "Method" = "Get"
        }

$SiteID = (Invoke-RestMethod @Params).Sites.SiteId

write-host "Processing connection 3 of 3 (Get list of all endpoints and their details)" -ForegroundColor Green
$EndpointURL = "$BaseURL/service/api/console/gsm/$KeyCode/sites/$SiteID" +'/endpoints?PageSize=1000'

$Params = @{
            "ErrorAction" = "Stop"
            "URI" = $EndpointURL
            "ContentType" = "application/json"
            "Headers" = @{"Authorization" = "Bearer "+ $AccessToken}
            "Method" = "Get"
        }

$AllEndpoints = (Invoke-RestMethod @Params)

$AllEndpoints.Endpoints | Format-Table


2 comments

    • Josh on January 17, 2017 at 8:21 pm
    • Reply

    This is great work, thank you! I did find an error on line 24 – instead of $APIUsername it should read $APIClientID

    • Boris on September 29, 2017 at 2:52 pm
    • Reply

    Hello, thankyou for the script. It was a good basis for me. With multiple Sites, the code needs to be adjusted a bit (GSM Masterkeycode and Site Keycode)

    Rg. Boris

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.