Iis Administration
Iis Administration
The Microsoft IIS Administration API is a REST API that enables consumers to configure
and monitor their IIS web servers. With the API installed on an IIS machine, one can
configure an IIS instance with any HTTP client.
IIS Administration is the perfect option for remote management. The API is a micro
service that runs on the target machine, so by nature it is meant to serve remote
requests. Opening up the port that the service listens on is the only step necessary to
make remote management available for the machine. This means, web site creation,
application pool monitoring, and security configuration can be handled from one client
for a cluster of machines with little overhead.
The IIS Administration service is being developed to completely open up IIS. There are
constantly features being worked on and added. We are able to release updates quickly
because the Administration Service is a separate download from the IIS service. This also
has means that customers can depend on whichever version of the API that they choose.
Security is a top priority. Our service can use any form of authentication and
authorization that IIS uses. This means client certificate authentication, basic
authentication, and even Windows authentication. Every call made to the API requires an
access token in the request header and the service is not available from outside of the
machine unless the port that it listens on is opened. The built-in security allows users to
confidently install the IIS Administration API on their machines without worrying that
they are compromising their system.
So Many Options
A REST API is accessible from anywhere.
PowerShell
.NET
Java
Python
Javascript
Native mobile applications (Android, iOS, Windows)
Browser applications
Feedback
Was this page helpful? ツ Yes ト No
Requirements
The Microsoft IIS Administration API supports Windows 7 and above.
The IIS Administration API depends on .NET Core and will automatically download and
install it if it is not present on the machine
Installing
The latest version of the Microsoft IIS Administration API is available for download
here .
After installation is a perfect time to configure the service for its intended purpose. To
get a better idea of what the API has to offer, take a look at the built-in API explorer.
Feedback
Was this page helpful? ツ Yes ト No
All of the application's settings are contained in a file named appsettings.json. Any
changes to the appsettings.json file will require restarting the "Microsoft IIS
Administration" service to take effect.
CORS
CORS policies allow browser based applications to send requests to the Microsoft IIS
Administration API.
Default Settings
The IIS Administration API will not allow CORS for any origin if there are no cors settings
present.
Format
For example, the following setting enables CORS:
"cors": {
"rules": [
{
"origin": "https://contoso.com",
"allow": true
}
]
}
rules: A set of CORS rules to control how the API shares resources.
origin: The origin, as defined in the CORS specification, to allow or deny. If the
wild card character, *, is provided as the origin, that rule will apply to all origins.
Default Settings
The IIS Administration API will allow read access to %systemdrive%\inetpub if there are
no files settings present.
Format
The following settings allow read/write access to %systemdrive%\inetpub
"files": {
"locations": [
{
"alias": "inetpub",
"path": "%systemdrive%\\inetpub",
"claims": [
"read",
"write"
]
}
]
}
locations: A set of file system locations and associated rights specifying what operations
are allowed to be performed through the API.
path: A root path to assign the list of claims. All files or directories under this path
inherit the list of claims unless overridden with a more specific path.
claims: Specifies what operations are allowed to be performed on files directories
under the path. An empty set of claims means no access will be allowed to that
location.
Security
The security section was introduced in IIS Administration 2.0.0. This section specifies the
requirements to access the API.
Default Settings
By default the API requires all requests to have valid Windows credentials as indicated
by the require_windows_authentication flag. Access to the API's resources, such as
websites and applications, and access key manipulation require the user to be in the
administrators API role. High privilege operations require the user to be in the owners
role. When the API is installed, the administrators and owners roles are automatically
populated with the user that executed the installer.
Format
"security": {
"require_windows_authentication": true,
"users": {
"administrators": [
],
"owners": [
]
},
"access_policy": {
"api": {
"users": "administrators",
"access_key": true
},
"api_keys": {
"users": "administrators",
"access_key": false
},
"system": {
"users": "owners",
"access_key": true
}
}
}
require_windows_authentication: A boolean value that specifies whether valid Windows
authentication is required for all requests to the API. If true, any request that is not
Windows authenticated will be rejected. If false, Windows authentication requirements
are determined by the access_policy settings.
users: A mapping between Windows users/groups and roles within the API. Any role can
be added, but by default the appsettings.json file contains administrators and owners.
These roles are used in the access_policy section to govern access to different sections of
the API.
access_policy: Access policies specify a set of requirements to access areas within the
API. The IIS Administration API comes with three different access policies, api, api_keys,
and system.
api: This access policy is for API resources such as web sites, application pools, and
files.
system: This access policy is for high privilege actions that are offered by the API,
such as changing the identity of an application pool to LocalSystem.
Each access policy has a set of requirements that can be configured. The available
requirements are:
users: Specifies which roles from the security.users section are allowed access. To allow
all users use a value of 'Everyone'.
read_only: Enforces a read-only mode by restricting all requests to use the HTTP GET
method.
Complete Example
{
"host_id": "",
"logging": {
"enabled": true,
"file_name": "log-{Date}.txt",
"min_level": "Error",
"path": null
},
"auditing": {
"enabled": true,
"file_name": "audit-{Date}.txt",
"path": null
},
"security": {
"require_windows_authentication": true,
"users": {
"administrators": [
],
"owners": [
]
},
"access_policy": {
"api": {
"users": "administrators",
"access_key": true
},
"api_keys": {
"users": "administrators",
"access_key": false
},
"system": {
"users": "owners",
"access_key": true
}
}
},
"cors": {
"rules": [
{
"origin": "https://contoso.com",
"allow": true
}
]
},
"files": {
"locations": [
{
"alias": "inetpub",
"path": "%systemdrive%\\inetpub",
"claims": [
"read"
]
}
]
}
}
Feedback
Was this page helpful? ツ Yes ト No
Every request to the API requires an access token. If a request is made to the API
without an access token, the API will respond with an HTTP 403 status code and will set
the 'WWW-Authenticate' HTTP header to 'Bearer'. The API expects the access token to
be in the Access-Token header of every request. The value of the Access-Token header
should be 'Bearer ' followed by the access token being used to access the API.
GET /api
Access-Token: Bearer {Access-Token}
Generating Tokens
Access tokens can be generated in multiple ways. The predominant method is through
the built in API Explorer. Access tokens can also be generated programatically through
the API keys endpoint.
Securing Tokens
By default only members of the 'Administrators' and 'IIS Administrators' can generate
access tokens. This requirement is set through the integrated security that the IIS
Administration API utilizes. Windows Authentication provides more information on the
integrated security used by the API.
Feedback
Was this page helpful? ツ Yes ト No
This article is deprecated as of IIS Administration 2.0.0. and has been replaced by the
appsettings security section
The Microsoft IIS Administration API has access to all of the integrated security
mechanisms offered by IIS. These settings are located in the web.config file that comes
with the installation of the API. In this file windows authentication and authorization
requirements are specified. This file can be manipulated to customize who is allowed to
access the API, for example, windows authentication can be replaced with client
certificate authentication. Any changes to the web.config file will require restarting the
"Microsoft IIS Administration" service to take effect.
Default Settings
[Windows Authentication]
[Client Certificate Authentication]
-->
<location path="security">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true" />
</authentication>
<authorization>
<clear />
<add accessType="Deny" users="?" />
<add accessType="Allow" roles="Administrators,IIS Administrators"
/>
</authorization>
</security>
</system.webServer>
</location>
<!--
API area
Protected by ACCESS TOKEN
The host can provide additional authentication on top
-->
<location path="api">
<system.webServer>
<security>
<authentication>
<!-- Need for CORs -->
<anonymousAuthentication enabled="true" />
</authentication>
<authorization>
<!-- Need for CORs -->
<add accessType="Allow" verbs="OPTIONS" users="*" />
</authorization>
</security>
</system.webServer>
</location>
</configuration>
Feedback
Was this page helpful? ツ Yes ト No
This article is deprecated as of IIS Administration 2.0.0. and has been replaced by the
appsettings security section
Out of the box, the Microsoft IIS Administration API utilizes IIS's windows authentication
module to authenticate users. These settings are specified in the web.config file. The
windows authentication module restricts access to the API to to users in the
Administrators and IIS Administrators groups. By manipulating the web.config file, one
can alter the requirements for windows authentication. If windows authentication is
removed access tokens become the sole mechanism for security.
Browser Access
Depending on browser settings, users who access the API via the built-in API Explorer
may notice a login prompt. This is the browser's mechanism for authenticating with
windows credentials. Domain users should include their domain name when specifying
their username, for example contoso\johndoe.
Feedback
Was this page helpful? ツ Yes ト No
This article is deprecated as of IIS Administration 2.0.0. and has been replaced by the
appsettings security section
By default the Microsoft IIS Administration API only allows access to windows users that
are part of the Administrators and IIS Administrators groups. The IIS Administrators
group is generated during installation of the API and the installing user is automatically
added to the group.
/security
The /security route is security critical, therefore the web.config file specifies the security
settings for this route separately. It is recommended not to lift the requirement for users
to be in the Administrators or IIS Administrators group to access this route.
/api
On top of the default authorization requirements, the /api route requires an access-
token with every request. Some users may wish to modify the windows based
authorization requirements of the api route to add or remove roles. This is a viable
option for those wishing to use the API to administor their servers.
The /api route allows anonymous access for HTTP OPTIONS requests. This is necessary
for CORS requests from allowed origins to be successful. Without this rule, browser
based GUIs would not be capable of using the API.
Feedback
Was this page helpful? ツ Yes ト No
The Microsoft IIS Administration API comes with a built in interface called the API
Explorer. This explorer allows users to navigate the API using hyperlinks. Resources can
be created, retrieved, modified, and removed directly from this tool. By default, the API
Explorer can be reached by browsing https://localhost:55539 on any machine that has
the API installed. This interface is also where access tokens are created.
Connecting
The first time that the api explorer is used it will prompt for an access token. Every
request to the API requires an access token, even those made from the explorer. Input
the access token that you use to communicate with the API or click on the "ACCESS
KEYS" link at the top right of the explorer to generate an access token. Checking the
"Keep me connected" box will allow your browser to remember your access token for
future use of the explorer.
Browsing
Once you have connected to the explorer you can begin browsing. The API's resources
have been designed using HAL , which allows the resources to provide the navigation
engine used by the explorer. As links are clicked the url in the nagivation pane at the top
of the explorer is updated to reflect the location of the current resource.
Feedback
Was this page helpful? ツ Yes ト No
The API Explorer enables resources to be retrieved, updated, created and deleted. The
type of interaction is specified by the methods at the top of the navigation panel.
METHOD DESCRIPTION
Creating a Resource
By selecting the post option on the navigation panel, resources can be created. When
the post option is selected a text area appears on the screen where the JSON
representation of a resource can be written. The JSON in this text area is used to create
the resource when the go arrow is clicked.
Updating a Resource
The modification of resources is done by issuing patch requests. To update a resource,
select the patch option on the navigation pane which will open the text area for the
request content. The content of the patch request should contain the desired state of
the resource. For example, to stop a web site we send a patch request indicating that
the status of the web site should be stopped.
Feedback
Was this page helpful? ツ Yes ト No
The web based manager at manage.iis.net is the perfect way to administer IIS
machines. The web manager can be used to connect to multiple servers whether they be
local or remote. The portal can even be used to download and install the API if it is not
already present on the local machine.
Initial Visit
When visiting the management portal for the first time, a welcome page will appear
allowing the API to be downloaded. The download button contains the latest release of
the IIS Administration API. Once the installer has been downloaded the management
portal will wait for the installation to finish. To skip installation of the API and go straight
to the connect screen click the Skip this button.
Connecting
When the installation has completed successfully the connect screen will appear. From
this screen, connections can be made to any IIS server that is running the administration
API. To finish connecting to the local instance of the API, an access token must be
acquired. After generating an access token, return to the connect screen and paste the
access token into the Access Token field. Click connect to finish creating the connection
to the API.
Acquiring an Access Token
Clicking the "Get Access Token" link under the Access Token field will open up the access
tokens page of the API explorer. Once at the access key creation screen, create a key to
enable access to the API from the management portal. When an access key is generated
the expiration time of the key can be set and a purpose can be provided. A good
purpose will tell the reader who the key belongs to, where it is being used, and how it is
being used. The creation of an access key will display an associated access token. This is
the private value that is used on the GUI connection screen and it should not be shared.
Connect
When the access token has been provided in the access token field, the connect button
will light up. Check the remember me box if using a trusted machine to make the
management experience better on subsequent accesses. Otherwise the access token will
have to be input again. Click the connect button to move to the homepage of the web
manager.
Feedback
Was this page helpful? ツ Yes ト No
Application pools provide an isolation mechanism for processes on the web server.
There are many different settings available to fine-tune the behavior of the worker
processes used to serve request through IIS. The application pool API allows consumers
to create, read, delete, or update their application pools.
GET /api/webserver/application-pools/{id}
{
"name": "DefaultAppPool",
"id": "{id}",
"status": "started",
"auto_start": "true",
"pipeline_mode": "integrated",
"managed_runtime_version": "v4.0",
"enable_32bit_win64": "false",
"queue_length": "1000",
"cpu": {
"limit": "0",
"limit_interval": "5",
"action": "NoAction",
"processor_affinity_enabled": "false",
"processor_affinity_mask32": "0xFFFFFFFF",
"processor_affinity_mask64": "0xFFFFFFFF"
},
"process_model": {
"idle_timeout": "20",
"max_processes": "1",
"pinging_enabled": "true",
"ping_interval": "30",
"ping_response_time": "90",
"shutdown_time_limit": "90",
"startup_time_limit": "90",
"idle_timeout_action": "Terminate"
},
"identity": {
"identity_type": "ApplicationPoolIdentity",
"username": "",
"load_user_profile": "true"
},
"recycling": {
"disable_overlapped_recycle": "false",
"disable_recycle_on_config_change": "false",
"log_events": {
"time": "true",
"requests": "true",
"schedule": "true",
"memory": "true",
"isapi_unhealthy": "true",
"on_demand": "true",
"config_change": "true",
"private_memory": "true"
},
"periodic_restart": {
"time_interval": "1740",
"private_memory": "0",
"request_limit": "0",
"virtual_memory": "0",
"schedule": []
}
},
"rapid_fail_protection": {
"enabled": "true",
"load_balancer_capabilities": "HttpLevel",
"interval": "5",
"max_crashes": "5",
"auto_shutdown_exe": "",
"auto_shutdown_params": ""
},
"process_orphaning": {
"enabled": "false",
"orphan_action_exe": "",
"orphan_action_params": ""
},
"_links": {
"webapps": {
"href": "/api/webserver/webapps?application_pool.id={id}"
},
"websites": {
"href": "/api/webserver/websites?application_pool.id={id}"
},
"worker_processes": {
"href": "/api/webserver/worker-processes?application_pool.id=
{id}"
}
}
}
Feedback
Was this page helpful? ツ Yes ト No
Web sites are a core entity of IIS that determine where and how requests will be
handled. The web site API allows consumers to create, read, delete, or update their web
sites. This is suitable for scripting automated deployments or making alterations to
existing resources.
GET /api/webserver/websites/{id}
{
"name": "Default Web Site",
"id": "{id}",
"physical_path": "%SystemDrive%\\inetpub\\wwwroot",
"key": "1",
"status": "started",
"server_auto_start": "true",
"enabled_protocols": "http",
"limits": {
"connection_timeout": "120",
"max_bandwidth": "4294967295",
"max_connections": "4294967295",
"max_url_segments": "32"
},
"bindings": [
{
"protocol": "https",
"binding_information": "*:443:",
"ip_address": "*",
"port": "443",
"hostname": "",
"certificate": {
"name": "Web Hosting Certificate",
"id": "{certificate_id}",
"issued_by": "CN=localhost",
"subject": "CN=localhost",
"thumbprint": "2F6C0E796B8DAC4A1DDBF59F1714A19D9520B88A",
"valid_to": "2022-01-09T00:00:00Z"
},
"require_sni": "false"
},
{
"protocol": "http",
"binding_information": "*:80:",
"ip_address": "*",
"port": "80",
"hostname": ""
},
{
"protocol": "net.tcp",
"binding_information": "808:*"
}
],
"application_pool": {
"name": "DefaultAppPool",
"id": "{application_pool_id}",
"status": "started"
},
"_links": {
"authentication": {
"href": "/api/webserver/authentication/{authentication_id}"
},
"authorization": {
"href": "/api/webserver/authorization/{authorization_id}"
},
"default_document": {
"href": "/api/webserver/default-documents/{default_document_id}"
},
"delegation": {
"href": "/api/webserver/feature-delegation?website.id={id}"
},
"directory_browsing": {
"href": "/api/webserver/directory-
browsing/{directory_browsing_id}"
},
"files": {
"href": "/api/webserver/files/{files_id}"
},
"handlers": {
"href": "/api/webserver/http-handlers/{handlers_id}"
},
"ip_restrictions": {
"href": "/api/webserver/ip-restrictions/{ip_restrictions_id}"
},
"logging": {
"href": "/api/webserver/logging/{logging_id}"
},
"modules": {
"href": "/api/webserver/http-modules/{modules_id}"
},
"request_filtering": {
"href": "/api/webserver/http-request-
filtering/{request_filtering_id}"
},
"request_monitor": {
"href": "/api/webserver/http-request-monitor/requests?
website.id={request_monitor_id}"
},
"request_tracing": {
"href": "/api/webserver/http-request-
tracing/{request_tracing_id}"
},
"response_compression": {
"href": "/api/webserver/http-response-
compression/{response_compression_id}"
},
"response_headers": {
"href": "/api/webserver/http-response-
headers/{response_headers_id}"
},
"ssl": {
"href": "/api/webserver/ssl-settings/{ssl_id}"
},
"static_content": {
"href": "/api/webserver/static-content/{static_content_id}"
},
"vdirs": {
"href": "/api/webserver/virtual-directories?website.id={id}"
},
"webapps": {
"href": "/api/webserver/webapps?website.id={id}"
}
}
}
{
"name": "Demonstration Site",
"physical_path": "C:\\inetpub\\wwwroot\\DemonstrationSite",
"bindings": [
{
"protocol": "HTTP",
"port": "8081",
"ip_address": *
}
]
}
Creating a web site that listens for HTTPS requests on port 8082. POST
/api/webserver/websites
{
"name": "Demonstration Site",
"physical_path": "C:\\inetpub\\wwwroot\\DemonstrationSite",
"bindings": [
{
"protocol": "HTTPS",
"port": "8082",
"ip_address": *,
"certificate": {
"id": {certificate_id}
}
}
]
}
{
"name": "Demonstration Site",
"physical_path": "C:\\inetpub\\wwwroot\\DemonstrationSite",
"bindings": [
{
"protocol": "HTTP",
"port": "8081",
"ip_address": *
}
],
"application_pool": {
"id": {application_pool_id}
}
}
Adding a binding
A common reason to update a web site is to add a binding. As an example, let us say
that there is a web site with a single binding on port 80, and we want to add a binding
that listens on port 8080. We should send a patch request that contains a bindings list
with both the bindings that we desire. Since the bindings property is a list, the bindings
that already exist on the web site should be sent as part of the request so that they are
not lost.
{
"bindings": [
{
"protocol": "HTTP",
"port": "80",
"ip_address": *
},
{
"protocol": "HTTP",
"port": "8080",
"ip_address": *
}
]
}
Feedback
Was this page helpful? ツ Yes ト No
GET /api/webserver/webapps/{id}
{
"location": "Default Web Site/demo-app",
"path": "/demo-app",
"id": "{id}",
"physical_path": "c:\\inetpub\\wwwroot\\demo-app",
"enabled_protocols": "http",
"website": {
"name": "Default Web Site",
"id": "{website_id}",
"status": "started"
},
"application_pool": {
"name": "DefaultAppPool",
"id": "{application_pool_id}",
"status": "started"
},
"_links": {
"authentication": {
"href": "/api/webserver/authentication/{authentication_id}"
},
"authorization": {
"href": "/api/webserver/authorization/{authorization_id}"
},
"default_document": {
"href": "/api/webserver/default-documents/{default_document_id}"
},
"directory_browsing": {
"href": "/api/webserver/directory-
browsing/{directory_browsing_id}"
},
"handlers": {
"href": "/api/webserver/http-handlers/{handlers_id}"
},
"ip_restrictions": {
"href": "/api/webserver/ip-restrictions/{ip_restrictions_id}"
},
"modules": {
"href": "/api/webserver/http-modules/{modules_id}"
},
"request_filtering": {
"href": "/api/webserver/http-request-
filtering/{request_filtering_id}"
},
"request_tracing": {
"href": "/api/webserver/http-request-
tracing/{request_tracing_id}"
},
"response_compression": {
"href": "/api/webserver/http-response-
compression/{response_compression_id}"
},
"response_headers": {
"href": "/api/webserver/http-response-
headers/{response_headers_id}"
},
"ssl": {
"href": "/api/webserver/ssl-settings/{ssl_id}"
},
"static_content": {
"href": "/api/webserver/static-content/{static_content_id}"
},
"vdirs": {
"href": "/api/webserver/virtual-directories?webapp.id={id}"
}
}
}
{
"webapps": [
{
"location": "Default Web Site/",
"path": "/",
"id": "{id}",
"_links": {
"self": {
"href": "/api/webserver/webapps/{id}"
}
}
},
{
"location": "Default Web Site/demo-app",
"path": "/demo-app",
"id": "{id_1}",
"_links": {
"self": {
"href": "/api/webserver/webapps/{id_1}"
}
}
}
]
}
Creating an Application
Creating an application requires:
website: The web site that the application should be created for.
path: The virtual path that the application should exist at relative to the root of the
web site.
physical_path: The directory that the application should exist in in the file system.
The directory must exist.
{
"path": "demo-app",
"physical_path": "C:\\inetpub\\wwwroot\\demo-app",
"website": {
"id": "{website_id}"
}
}
Feedback
Was this page helpful? ツ Yes ト No
Virtual directories provide a way to create the virtual file hierarchy that a web site
requires. The virtual directory API allows consumers to create, read, delete, or update
their virtual directories.
GET /api/webserver/virtual-directories/{id}
{
"location": "Default Web Site/demo-vdir",
"path": "/demo-vdir",
"id": "{id}",
"physical_path": "c:\\inetpub\\wwwroot\\demo-vdir",
"identity": {
"username": "",
"logon_method": "network_cleartext"
},
"webapp": {
"location": "Default Web Site/",
"path": "/",
"id": "{webapp_id}"
},
"website": {
"name": "Default Web Site",
"id": "{website_id}",
"status": "started"
}
}
{
"virtual_directories": [
{
"location": "Default Web Site/",
"path": "/",
"id": "{id}",
"_links": {
"self": {
"href": "/api/webserver/virtual-directories/{id}"
}
}
},
{
"location": "Default Web Site/demo-vdir",
"path": "/demo-vdir",
"id": "{id_1}",
"_links": {
"self": {
"href": "/api/webserver/virtual-directories/{id_1}"
}
}
}
]
}
{
"virtual_directories": [
{
"location": "Default Web Site/demo-app/",
"path": "/",
"id": "{id}",
"_links": {
"self": {
"href": "/api/webserver/virtual-directories/{id}"
}
}
},
{
"location": "Default Web Site/demo-app/app-level-vdir",
"path": "/app-level-vdir",
"id": "{id_1}",
"_links": {
"self": {
"href": "/api/webserver/virtual-directories/{id_1}"
}
}
}
]
}
{
"path": "demo-vdir",
"physical_path": "C:\\inetpub\\wwwroot\\demo-vdir",
"website": {
"id": {website_id}
}
}
Feedback
Was this page helpful? ツ Yes ト No
Worker processes provide the execution environment for all web sites and applications
configured in IIS. Valuable information such as CPU utilization and memory footprint can
be obtained from the API to help monitor the health of worker processes and the web
server. The /api/webserver/worker-processes endpoint lists all the worker processes that
are currently running.
GET /api/webserver/worker-processes/{worker-process-id}
{
"name": "w3wp",
"id": "{worker-process-id}",
"status": "running",
"process_id": "45076",
"process_guid": "63e9cb86-592d-4080-9132-5a9bec85d7c3",
"start_time": "2017-03-08T09:42:34.9696447-08:00",
"working_set": "43098112",
"peak_working_set": "43098112",
"private_memory_size": "118493184",
"virtual_memory_size": "2215549431808",
"peak_virtual_memory_size": "2215550480384",
"total_processor_time": "00:00:00.2812500",
"application_pool": {
"name": "DefaultAppPool",
"id": "{app-pool-id}",
"status": "started"
},
"_links": {
"request_monitor": {
"href": "/api/webserver/http-request-monitor/requests?wp.id=
{worker-process-id}"
}
}
}
GET /api/webserver/worker-processes?application_pool.id={application-pool-id}
{
"worker_processes": [
{
"name": "w3wp",
"id": "{worker-process-id}",
"process_id": "45076"
}
]
}
Feedback
Was this page helpful? ツ Yes ト No
Certificates provide the mechanism for web servers to prove their identity as well as
secure communication channels. The certificates API is essential to creating web sites
that serve content over HTTPS.
GET /api/certificates/{id}
{
"alias": "My Self Signed Certificate",
"id": "{id}",
"issued_by": "CN=localhost",
"subject": "CN=localhost",
"thumbprint": "1E927A29E966FA11A7C469BC565A9E00B11F5F95",
"signature_algorithm": "sha256RSA",
"valid_from": "2017-04-12T11:26:26Z",
"valid_to": "2019-04-12T11:26:26Z",
"version": "3",
"intended_purposes": [
"Client Authentication",
"Server Authentication"
],
"private_key": {
"exportable": "false"
},
"subject_alternative_names": [
"DNS Name=localhost",
"DNS Name=my-work-pc"
],
"store": {
"name": "My",
"id": "{store-id}",
"_links": {
"self": {
"href": "/api/certificates/stores/{store-id}"
}
}
}
}
Range Requests
It is not uncommon for a web server to have a very large amount of certificates. To
improve usability of the certificates API for these servers, the endpoint supports range
requests. Sending a HEAD request to the certificates endpoint will prompt the server to
respond with the total number of certificates that are available in the X-Total-Count
HTTP header. The certificates can then be requested in chunks by setting the Range
header in subsequent requests.
HEAD /api/certificates
200 OK
x-total-count: 100
GET /api/certificates
Access-Token: Bearer {Access-Token}
Range: certificates=1-2
Certificate stores
All certificates belong to a certificate store. A list of the available certificate stores can be
retreived from the certificate stores endpoint /api/certificates/stores. These certificate
stores have a claims property which specify what operations are allowed on the
certificates inside the store. This access is configurable via the certificates section of the
application settings file. Currently certificate stores only support read operations. In the
future the API may support importing, exporting, deleting, and creating certificates.
GET /api/certificates/stores
{
"stores": [
{
"name": "My",
"id": "{store-id}",
"_links": {
"self": {
"href": "/api/certificates/stores/{store-id}"
}
}
},
{
"name": "WebHosting",
"id": "{store-id}"
// _links omitted
},
{
"name": "IIS Central Certificate Store",
"id": "{store-id}"
// _links omitted
}
]
}
GET /api/certificates?store.id={store-id}
{
"certificates": [
{
"alias": "WebHostCert",
"id": "{cert-id}",
"issued_by": "CN=localhost",
"subject": "CN=localhost",
"thumbprint": "8E7933F41998C507B30F0E0AC8B548A903FE7843",
"valid_to": "2019-02-28T14:32:33Z",
"_links": {
"self": {
"href": "/api/certificates/{cert-id}"
}
}
}
]
}
Feedback
Was this page helpful? ツ Yes ト No
Get help at Microsoft Q&A
Files
Article • 07/26/2019
The IIS Administration API provides a set of file APIs to interact directly with the file
system. This means the API can be used locally or remotely to deploy content, make
edits or check if files are up to date.
Examples
File
{
"name": "iisstart.png",
"id": "{id}",
"type": "file",
"physical_path": "C:\\inetpub\\wwwroot\\iisstart.png",
"exists": "true",
"size": "98757",
"created": "2017-01-09T18:08:33.5130112Z",
"last_modified": "2017-01-09T17:48:13.6180477Z",
"last_access": "2017-01-09T17:48:13.6180477Z",
"e_tag": "1d26aa08c67ed45",
"parent": {
"name": "wwwroot",
"id": "{id}",
"type": "directory",
"physical_path": "C:\\inetpub\\wwwroot"
},
"claims": [
"read",
"write"
]
}
Directory
{
"name": "wwwroot",
"id": "{id}",
"type": "directory",
"physical_path": "C:\\inetpub\\wwwroot",
"exists": "true",
"created": "2017-01-09T18:08:33.1380257Z",
"last_modified": "2017-01-30T17:01:15.2619212Z",
"last_access": "2017-01-30T17:01:15.2619212Z",
"total_files": "7",
"parent": {
"name": "inetpub",
"id": "a-nA1LZCBZ9jIqxr6e2uWg",
"type": "directory",
"physical_path": "C:\\inetpub"
},
"claims": [
"read",
"write"
]
}
All web server files have a reference to a file_info which is the file metadata that can be
obtained from the /api/files endpoint.
Examples
Web File
{
"name": "iisstart.png",
"id": "{id}",
"type": "file",
"path": "/iisstart.png",
"parent": {
"name": "",
"id": "{id}",
"type": "application",
"path": "/"
},
"website": {
"name": "Default Web Site",
"id": "{id}",
"status": "started"
},
"file_info": {
"name": "iisstart.png",
"id": "{id}",
"type": "file",
"physical_path": "C:\\inetpub\\wwwroot\\iisstart.png"
}
}
Web Directory
{
"name": "imgs",
"id": "{id}",
"type": "directory",
"path": "/imgs",
"parent": {
"name": "",
"id": "{id}",
"type": "application",
"path": "/"
},
"website": {
"name": "Default Web Site",
"id": "{id}",
"status": "started"
},
"file_info": {
"name": "imgs",
"id": "{id}",
"type": "directory",
"physical_path": "C:\\inetpub\\wwwroot\\imgs"
}
}
Copying/Moving Files (/api/files/copy |
/api/files/move)
The API supports copying and moving files via the /api/files/copy and /api/files/move
endpoints. The process of copying a file is performed by executing a POST request to
the API that describes the desired copy operation.
POST
{
"name":"{optional name of the destination file}",
"file": {
"id": "{id property of the file to copy}"
},
"parent": {
"id": "{id property of the directory to copy to}"
}
}
GET /api/files/content/{id}
Access-Token: Bearer {Access-Token}
Range: bytes=500-999
When a download is generated, the link for the download is returned in the Location
header of the HTTP response.
POST
{
"file": {
"id": "{id of the file to download}"
},
"ttl": "10000"
}
Starting with version 2.2.0, location settings are accessible through the
/api/files/locations endpoint. This endpoint is locked down to users in the owners user
group of the API. This means Windows Authentication is required to access the locations
endpoint. Adding or removing locations will add or remove file system access from the
API. This endpoint supports GET, PATCH, POST, and DELETE for creating, editing, and
deleting existing locations. Editing locations has no effect on the physical files, it only
manipulates the API's view of the file system.
{
"locations": [
{
"alias": "inetpub",
"id": "{id}",
"path": "C:\\inetpub",
"claims": [
"read"
]
}
]
}
Feedback
Was this page helpful? ツ Yes ト No
The monitoring API provides performance and health data for the web server, web sites,
and application pools. This data can be used to measure how effectively resources are
being used.
Example
Web Server Monitoring Resource
{
"id": "{id}",
"network": {
"bytes_sent_sec": "59486",
"bytes_recv_sec": "8313",
"connection_attempts_sec": "0",
"total_bytes_sent": "4797480792",
"total_bytes_recv": "670503816",
"total_connection_attempts": "1",
"current_connections": "1"
},
"requests": {
"active": "0",
"per_sec": "64",
"total": "5197703"
},
"memory": {
"handles": "358",
"private_bytes": "9097216",
"private_working_set": "8032256",
"system_in_use": "6734737408",
"installed": "15403110400"
},
"cpu": {
"threads": "24",
"processes": "1",
"percent_usage": "0",
"system_percent_usage": "14"
},
"disk": {
"io_write_operations_sec": "1",
"io_read_operations_sec": "1",
"page_faults_sec": "0"
},
"cache": {
"file_cache_count": "2",
"file_cache_memory_usage": "699",
"file_cache_hits": "18506471",
"file_cache_misses": "46266060",
"total_files_cached": "10",
"output_cache_count": "0",
"output_cache_memory_usage": "0",
"output_cache_hits": "0",
"output_cache_misses": "18506478",
"uri_cache_count": "2",
"uri_cache_hits": "18506452",
"uri_cache_misses": "26",
"total_uris_cached": "13"
}
}
Field Explanations
Network
bytes_sent_sec: The number of bytes that the web server sent in the last second.
bytes_recv_sec: The number of bytes that the web server received in the last second.
total_bytes_sent: The number of bytes sent since the web server started.
total_bytes_recv: The number of bytes received since the web server started.
current_connections: The number of active connections that are open on the web server.
Requests
active: The number of requests that are currently being processed by the web server.
per_sec: The number of requests that have been served in the past second.
total: The number of requests that have been served since the web server started.
Memory
handles: The number of handles that are currently open in web server processes.
private_bytes: The total private bytes being used by all web server processes.
private_working_set: The total private working set being used by all web server
processes.
CPU
processes: The number of processes being used by the web server to process requests.
Disk
Cache
file_cache_memory_usage: Current number of bytes used for the user-mode file cache.
file_cache_hits: Number of successful lookups in the user-mode file cache since the web
server started.
file_cache_misses: Number of unsuccessful look ups in the user-mode file cache since
the web server started.
total_files_cached: Number of files whose content was ever added to the user-mode
cache since the web server started.
output_cache_hits: Number of successful lookups in the output cache since the web
server started.
uri_cache_count: Number of URI information blocks that are currently in the user-mode
cache.
uri_cache_hits: Number of successful look ups in the user-mode URI cache since the web
server started.
uri_cache_misses: Number of unsuccessful look ups in the user-mode URI cache since
the web server started.
total_uris_cached: Number of URI information blocks that have been added to the user-
mode cache since the web server started.
Note: This data includes information from the application pool that the web site runs in.
If multiple web sites are running in the same application pool, the web site data taken
from the application pool may be invalid. Assign one site per application pool for
accurate performance measurement at the web site level.
Example
Web Site Monitoring Resource
{
"id": "{id}",
"uptime": "88170",
"network": {
"bytes_sent_sec": "31280",
"bytes_recv_sec": "4371",
"connection_attempts_sec": "0",
"total_bytes_sent": "4939609870",
"total_bytes_recv": "690368010",
"total_connection_attempts": "1",
"current_connections": "1"
},
"requests": {
"active": "0",
"per_sec": "33",
"total": "5351689"
},
"memory": {
"handles": "358",
"private_bytes": "9097216",
"private_working_set": "8032256",
"system_in_use": "6704680960",
"installed": "15403110400"
},
"cpu": {
"percent_usage": "0",
"threads": "24",
"processes": "1"
},
"disk": {
"io_write_operations_sec": "1",
"io_read_operations_sec": "1",
"page_faults_sec": "0"
},
"cache": {
"file_cache_count": "2",
"file_cache_memory_usage": "699",
"file_cache_hits": "10703511",
"file_cache_misses": "26758783",
"total_files_cached": "2",
"output_cache_count": "0",
"output_cache_memory_usage": "0",
"output_cache_hits": "0",
"output_cache_misses": "10703512",
"uri_cache_count": "2",
"uri_cache_hits": "10703508",
"uri_cache_misses": "4",
"total_uris_cached": "2"
},
"website": {
"name": "Default Web Site",
"id": "{id}",
"status": "started"
}
}
Field Explanations
Most of the fields are the same as the web server resource. A few additional fields are
present as indicated below.
uptime: The number of seconds that have elapsed since the web site started.
website: The web site resource that the data belongs to.
Example
Application Pool Monitoring Resource
{
"id": "{id}",
"requests": {
"active": "0",
"per_sec": "76",
"total": "5371766"
},
"memory": {
"handles": "358",
"private_bytes": "9097216",
"private_working_set": "8032256",
"system_in_use": "6742872064",
"installed": "15403110400"
},
"cpu": {
"percent_usage": "0",
"threads": "24",
"processes": "1"
},
"disk": {
"io_write_operations_sec": "0",
"io_read_operations_sec": "0",
"page_faults_sec": "0"
},
"cache": {
"file_cache_count": "2",
"file_cache_memory_usage": "699",
"file_cache_hits": "10743531",
"file_cache_misses": "26858833",
"total_files_cached": "2",
"output_cache_count": "0",
"output_cache_memory_usage": "0",
"output_cache_hits": "0",
"output_cache_misses": "10743532",
"uri_cache_count": "2",
"uri_cache_hits": "10743528",
"uri_cache_misses": "4",
"total_uris_cached": "2"
},
"application_pool": {
"name": "DefaultAppPool",
"id": "{id}",
"status": "started"
}
}
Feedback
Was this page helpful? ツ Yes ト No
The Central Certificate Store (CCS) feature of IIS provided a mechanism to place
certificates in a file share for use by multiple web servers. This feature can be enabled,
disabled, and configured through the CCS API /api/webserver/centralized-
certificates/{id}.
Requirements
To enable the Central Certificate Store, the API must have read access to the physical
path that the store will be configured to use. This access is granted in the files section of
the application settings. Attempting to set the path of the CCS to a physical path that is
not allowed will result in a 403 Forbidden error.
{
"title": "Not found",
"detail": "IIS feature not installed",
"name": "IIS Central Certificate Store",
"status": "404"
}
Enabling CCS
To enable the Central Certificate Store, a POST request should be sent to the CCS API
endpoint along with all the necessary data to enable the feature.
POST /api/webserver/centralized-certificates/{id}
{
"path": "\\\\FileShare\\certs",
"identity": {
"username": "{Username of windows identity used to access file
share}"
"password": "{Password of windows identity used to access file
share}"
},
"private_key_password": "{Password used to encrypt private keys}"
}
Updating CCS
The Central Certificate Store settings can be modified using a PATCH request with the
updated settings.
Disabling CCS
To disable the Central Certificate Store, a DELETE request should be sent to the CCS
endpoint.
DELETE /api/webserver/centralized-certificates/{id}
204 No Content
Feedback
Was this page helpful? ツ Yes ト No
HTTP request tracing is a feature of IIS that provides a way to determine what exactly is
happening with a request. This includes any form of authentication, which handler was
used, and how long each step took in the pipeline. Enabling request tracing is a useful
way to diagnose unexpected or undesirable behavior.
GET /api/webserver/http-request-tracing/{request-tracing-id}
{
"id": "{request-tracing-id}",
"scope": "",
"metadata": {
"is_local": "true",
"is_locked": "false",
"override_mode": "inherit",
"override_mode_effective": "allow"
},
"enabled": "true",
"directory": "%SystemDrive%\\inetpub\\logs\\FailedReqLogFiles",
"maximum_number_trace_files": "50",
"website": null,
"_links": {
"providers": {
"href": "/api/webserver/http-request-tracing/providers?
http_request_tracing.id={request-tracing-id}"
},
"rules": {
"href": "/api/webserver/http-request-tracing/rules?
http_request_tracing.id={request-tracing-id}"
}
}
}
Trace Providers (/api/webserver/http-request-
tracing/providers)
The providers for HTTP request tracing determine what information will be provided
whenever a trace rule is triggered. IIS comes with a set of default providers that provide
most of the information a consumer will want.
GET /api/webserver/http-request-tracing/providers/{provider-id}
{
"name": "ASPNET",
"id": "{provider-id}",
"guid": "{aff081fe-0247-4275-9c4e-021f3dc1da35}",
"areas": [
"Infrastructure",
"Module",
"Page",
"AppServices"
],
"request_tracing": {
"id": "{request-tracing-id}",
"scope": "",
"_links": {
"self": {
"href": "/api/webserver/http-request-tracing/{request-
tracing-id}"
}
}
}
}
GET /api/webserver/http-request-tracing/rules/{rule-id}
{
"path": "*",
"id": "{rule-id}",
"status_codes": [
"101-999"
],
"min_request_execution_time": "2147483647",
"event_severity": "ignore",
"custom_action": {
"executable": "",
"params": "",
"trigger_limit": "1"
},
"traces": [
{
"allowed_areas": {
"Authentication": "true",
"Security": "true",
"Filter": "true",
"StaticFile": "true",
"CGI": "true",
"Compression": "true",
"Cache": "true",
"RequestNotifications": "true",
"Module": "true",
"FastCGI": "true",
"WebSocket": "true"
},
"provider": {
"name": "WWW Server",
"id": "{provider-id}",
"_links": {
"self": {
"href": "/api/webserver/http-request-
tracing/providers/{provider-id}"
}
}
},
"verbosity": "warning"
}
],
"request_tracing": {
"id": "{request-tracing-id}",
"scope": "",
"_links": {
"self": {
"href": "/api/webserver/http-request-tracing/{request-
tracing-id}"
}
}
}
}
POST /api/webserver/http-request-tracing/rules
{
"path": "index.html",
"status_codes": [
"100-999"
],
"traces": [
{
"allowed_areas": {
"Authentication": "true",
"Security": "true",
"Filter": "true",
"StaticFile": "true",
"CGI": "true",
"Compression": "true",
"Cache": "true",
"RequestNotifications": "true",
"Module": "true",
"FastCGI": "true",
"WebSocket": "true"
},
"provider": {
"id": "{www-server-provider-id}"
},
"verbosity": "warning"
}
],
"request_tracing": {
"id": "{request-tracing-id}"
}
}
{
"id": "{trace-id}",
"url": "http://localhost:80/favicon.ico",
"method": "GET",
"status_code": "404",
"date": "2017-03-02T15:34:17.0627155-08:00",
"time_taken": "0",
"process_id": "8172",
"activity_id": "{8000009D-0001-F700-B63F-84710C7967BB}",
"file_info": {
"name": "fr000001.xml",
"id": "{file-id}",
"type": "file",
"physical_path":
"c:\\inetpub\\logs\\FailedReqLogFiles\\W3SVC1\\fr000001.xml",
"_links": {
"self": {
"href": "/api/files/{file-id}"
}
}
},
"request_tracing": {
"id": "{request-tracing-id}",
"scope": "Default Web Site/",
"_links": {
"self": {
"href": "/api/webserver/http-request-tracing/{request-
tracing-id}"
}
}
}
}
Feedback
Was this page helpful? ツ Yes ト No
The Microsoft IIS Administration API allows generation and viewing of API key
information through secured endpoints.
GET /api/access-token
{
"id": "{access-token-id}",
"expires_on": "2018-02-02T16:25:31.4003337Z",
"type": "SWT",
"api_key": {
"purpose": "Admin",
"id": "{api-key-id}",
"_links": {
"self": {
"href": "/security/api-keys/{api-key-id}"
}
}
}
}
GET /security/api-keys/{api-key-id}
{
"purpose": "Admin",
"id": "{api-key-id}",
"created_on": "2017-02-02T16:25:31.4003337Z",
"last_modified": "2017-02-02T16:25:31.4003337Z",
"expires_on": "2018-02-02T16:25:31.4003337Z",
"_links": {
"access_token": {
"href": "/security/access-tokens/{access-token-id}"
}
}
}
Client
Server
|
|
| GET /security/api-keys
|
| ---------------------------------------------->
|
|
|
|
|
| XSRF-TOKEN:
{value} |
| <--------------------------
-------------------- |
|
|
|
|
| POST /security/api-keys
|
| XSRF-TOKEN: {value}
|
|
|
| {
|
| "purpose": "Admin"
|
| }
|
| ---------------------------------------------->
|
|
|
|
|
| {
|
| "access_token" : "
{access-token-value}" |
| }
|
| <--------------------------
-------------------- |
{
"purpose": "Admin",
"expires_on": "2018-02-02T16:25:31.4003337Z",
}
Feedback
Was this page helpful? ツ Yes ト No
IIS and its components are exposed by Windows as optional features. This provides a
way for users to enable only the features of IIS that they need for their sites to operate.
As a side effect, when configuring IIS through the API it is possible that a feature, for
example Windows Authentication, may not yet be installed on the machine. Historically,
enabling IIS features was done through DISM.exe, PowerShell commands, or the
Windows Optional Feature UI. The IIS Administration API exposes a simple method to
install/uninstall these features so that consumers do not have to change environments
in order to enable the features that they depend on.
GET /api/webserver/default-documents?scope=
{
"title": "Not found",
"detail": "IIS feature not installed",
"name": "Default Document",
"status": "404"
}
Feature Is Installed
200 OK
{
"id": "{id}",
"enabled": "true",
"scope": "",
"metadata": {
"is_local": "true",
"is_locked": "false",
"override_mode": "allow",
"override_mode_effective": "allow"
},
"website": null
}
Installing a Feature
Feature installation is performed by issuing a POST request to the feature's endpoint.
Some IIS features such as the Central Certificate Store require initial settings to be
provided when installing. As an example, suppose the default document feature was
returning the 404 Feature Not Installed response. Sending a POST request to to the
default documents endpoint installs the feature and then returns the features settings.
POST /api/webserver/default-documents
HTTP Response
201 CREATED
Location: /api/webserver/default-documents/{id}
{
"id": "{id}",
"enabled": "true",
"scope": "",
"metadata": {
"is_local": "true",
"is_locked": "false",
"override_mode": "allow",
"override_mode_effective": "allow"
},
"website": null
}
Uninstalling a Feature
IIS features can be uninstalled by issuing a DELETE request to the feature at the web
server level. For IIS features that support configuration at web site and application levels,
one can verify that the object represents the web server scope by ensuring the scope
field is empty.
GET /api/webserver
{
"id": "{id}",
"_links": {
... // Other features omitted
"default_document": {
"href": "/api/webserver/default-documents/{def-doc-id}"
}
}
}
DELETE /api/webserver/default-documents/{def-doc-id}
204 NO CONTENT
Feedback
Was this page helpful? ツ Yes ト No
The IIS Administration API provides direct access to resources on the system. Many of
these resources allow create, read, update and delete operations. The REST API maps
CRUD operations to HTTP methods. The following table specifies which HTTP method
maps to which operation.
Create POST
Read GET
Delete DELETE
Create (POST)
Resources are created by sending HTTP POST requests to the API. The type of resource
is determined by the URL of the request. The body of the request should contain a JSON
object describing the resource to create. The object in the request body determines the
initial state of the resource will be when it is created. Some resources require certain
properties be provided when they are created, others can be created with an empty
JSON object.
{
"name": "Example Resource Name"
}
{
"path": "/MyApp",
"physical_path": "c:/sites/mysite/myapp",
"website": {
"id": {website_id}
}
}
Read (GET)
Resources are retrieved by performing HTTP GET requests. There are two main methods
to retrieve resources. The first method involves requesting a list of resources, the second
method is when a single resource is requested. Requests to a single resource are marked
by the presence of the resource id in the URL of the request. Sometimes, singular
resources can also be specified through query string paremeters in the URL. This
behavior depends on the individual API endpoint.
{
"websites": [
{
"name": "Default Web Site",
"id": "{id}",
"status": "started",
"_links": {
"self": {
"href": "/api/webserver/websites/{id}"
}
}
},
{
"name": "My Site",
"id": "{id_1}",
"status": "started",
"_links": {
"self": {
"href": "/api/webserver/websites/{id_1}"
}
}
}
{
"name": "docs",
"id": "{id_2}",
"status": "started",
"_links": {
"self": {
"href": "/api/webserver/websites/{id_2}"
}
}
}
]
}
/api/files/{id}
/api/files?physical_path={physical path of the file}
The files endpoint provides this behavior because only one file can exist for any given
physical path, so it is a uniquely identifying query string parameter.
{
"name": "My Site",
"id": "12345",
"physical_path": "c:\\sites\\mysite"
"_links": {
"self": {
"href": "/api/webserver/websites/{12345}"
}
}
}
{
"name": "My Site 2"
}
{
"name": "My Site 2",
"id": "12345",
"physical_path": "c:\\sites\\mysite"
"_links": {
"self": {
"href": "/api/webserver/websites/{12345}"
}
}
}
Delete (DELETE)
Resources are deleted by sending an HTTP DELETE request to the URL that the resource
is located at. This is the URL that contains the id of the resource.
Feedback
Was this page helpful? ツ Yes ト No
The IIS configuration system is a hierarchy that extends from the root web server
configuration to as far down as individual folders with a web application. The root
configuration file is named applicationHost.config and it resides in the IIS installation
directory. The rest of a web application's configuration exists in web.config files within
the application's directories. One benefit of using web.config files is that application's
can introduce configuration at different paths without affecting the web server as a
whole. At the same time, it is possible to define configuration in the root
applicationHost.config that targets only a specific path inside a specific web application.
This means there are two different ways to think of configuration scoping.
GET https://localhost:55539/api/webserver/http-request-filtering?
scope=Default Web Site/MyApp/MyFolder
This request will tell the API to query the request filtering settings for the MyFolder
directory within the MyApp application of the Default Web Site. The request filtering
resource that is returned will have the id necessary to modify the settings at that level
within the configuration system.
To achieve this, use config_scope in the body of a PATCH request being used to modify
settings. The value of the config_scope property should be the web server path to the
configuration file that the settings should reside in. For example the empty path "" refers
to the root applicationHost.config file and the path "Default Web Site/MyApp" refers to
the web.config file in the MyApp application within the Default Web Site.
Example:
Assume that the goal is to enable directory browsing for the path Default Web
Site/MyApp/MyFolder, the id for this resource is WXYZ, and the settings should be stored
in the applicationHost.config file.
PATCH https://localhost:55539/api/webserver/directory-browsing/WXYZ
{
"enabled": "true",
"config_scope": ""
}
Feedback
Was this page helpful? ツ Yes ト No
The IIS Administration API includes special data in all of its resources called Hypertext
Application Language (HAL). HAL is a set of conventions that provide a standardized
way to link resources. HAL is only included in resources when the client includes
application/hal+json in the Accept header of their HTTP requests.
_links
The _links property is the most prevalent form of HAL used in the API. The _links object
contains members indicating how to retrieve related resources.
{
"name": "Default Web Site",
"id": "{id}",
"physical_path": "%SystemDrive%\\inetpub\\wwwroot"
.
.
.
"application_pool": {
"name": "DefaultAppPool",
"id": "{app_pool_id}",
"status": "started",
"_links": {
"self": {
"href": "/api/webserver/application-pools/{app_pool_id}"
}
}
},
"_links": {
"authentication": {
"href": "/api/webserver/authentication/{authentication_id}"
},
"self": {
"href": "/api/webserver/websites/{id}"
},
"webapps": {
"href": "/api/webserver/webapps?website.id={id}"
}
}
}
This example resource is a web site in IIS. The _links property tells the consumer how to
get to the authentication settings, how to view the web site's applications for the web
site, and also the URI of the resource.
Self
Every resource that includes _links has a self link. This link provides the URI that the
resource lives at. This URI is the same one that PATCH and DELETE requests should be
sent to when updating or deleting the resource.
Requesting HAL
HAL is an augmentation to the JSON data format. When a resource includes HAL it has a
content type of application/hal+json. In order to receive HAL from the API, clients must
specify application/hal+json in the Accept header of their HTTP requests.
Feedback
Was this page helpful? ツ Yes ト No