Querying the Kaseya REST API With PowerShell

Like many MSP’s, my work uses a Remote Management and Monitoring (RMM) tool to monitor, catalogue and access client systems. The one we use is Kaseya.

I found out recently that Kaseya has a REST API that allows you to get information
and run certain tasks against one or more computers. The last time I needed to pull
some data from Kaseya I decided to skip the built-in reporting UI and learn how to use PowerShell to work with the API instead. 

The API is documented here,
but it seems to be focused more at developers than IT pros and in my opinion, it skips over some details that I think would have been helpful.

There are two steps to the API – authentication and query. I’ll do my best to document them here.

The Authentication Stage

The authentication process is documented here, but I think
The purpose of this process is to generate an authentication token to use with subsequent queries. This was the most difficult part of the for me as there are a couple of different ways to generate a hash of a string in PowerShell that yeild different results. With a lot of help from the Kaseya community, I was able to get the hashing correct and successfully generate a token.

This is the function that I am using to generate the hash. I’ll be saving this to tweak and use with other projects in the future.

function hash($algorithm, $text) {
$data = [system.Text.Encoding]::UTF8.GetBytes($text)
[string]$hash = -join ([Security.Cryptography.HashAlgorithm]::Create($algorithm).ComputeHash($data) | ForEach { "{0:x2}" -f $_ })
return $hash

Next we’ll create some variables to store the VSA url etc. Obviously, replace these with your details

$vsa = 'https://saas6.kaseya.com/api/v1.0/auth'
$user = 'kaseyauser'
$password = 'secrets'
$rand = Get-Random # Used later during the hashing function.

Now, store the hashes

EDIT: Thanks to Patrick Ryan in the comments for pointing out my mismatched variables. I have amended them.

$SHA1Hash   = hash "SHA1"   "$password$user"
$SHA256Hash = hash "SHA256" "$password$user"
$SHA1Hash   = hash "SHA1"   "$SHA1Hash$rand"
$SHA256Hash = hash "SHA256" "$SHA256Hash$rand"

Finally we create the authorization string, make the auth request and grab the token. This is where it differs a little from the documentation, but we get the result we’re looking for.

$auth = "user=$user,pass2=$SHA256Hash,pass1=$SHA1Hash,rand2=$rand,rpass2=$SHA256Hash,rpass1=$SHA1Hash,twofapass=:undefined"
$encodedauth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($auth))

$request = Invoke-RestMethod -Method Get -Uri $vsa -Headers @{'Authorization' = "Basic $encodedauth"}
$token = $request.result.token

We can use the value of $token to make further requests

The Query

The documentation for the different queries you can make is fairly extensive so I would check that out if you’re looing for ideas.
I’ll just make a simple request to return some agents where the agent name contains ‘PC01’ and select their CPU type
and amount of available RAM. (I have a way to get the total installed RAM that I will cover in another post)

$uri = "https://saas12.kaseya.net:443/api/v1.0/assetmgmt/agents?`$filter=substringof('PC01', AgentName)"
$result = invoke-restmethod -uri $uri -Headers @{'Authorization'="Bearer $token"} -Method Get -ContentType application/json
$result.result | select CPUType, RamMBytes


From here you could add this to a HTML report, or other presentation which I will cover in another post.

8 thoughts on “Querying the Kaseya REST API With PowerShell

  1. This great Liam and has help me tremendously. I will note some problems though for anyone looking:

    The variables defined are referenced by different names later and thus cause the process to fail.

    $user is referenced later as $username
    $pass is referenced later as $password
    $rand is referenced later as $random

    The easiest fix is to rename the variables in their definitions.

    Sincere regards and thanks for your posting,
    Patrick Ryan, Extreme Reach


  2. Hi Liam, thanks alot for the article. It was a good start for me with Kaseya / REST API and PowerShell. But there is still a small error. In the second block there must be written $password instead of $pass. Regards Boris


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s