Last Updated: 11/24/2021 1:00:33 AM

API provides a set of integration API interfaces that allows your system to interact with Trend Micro License Management Portal. This section covers some technical detail that you should note when implementing adapting interfaces for your system.

LMPI is a REST API implemented over HTTP Protocol. LMPI decompose complex business logics of License Management Portal following REST API conventions. As you can see in API Reference section, domain models are defined as collections of Resources for developers to operate using HTTP methods defined in REST API standard.


To successfully invoke the LMP API, several requirements should be fulfilled. The following is an example of customized HTTP headers that you should specify for every request made to the API:

HTTP header sample:

x-access-token: {Put your access token here}
x-posix-time: 1363797148
x-signature: rnBCnS6YWHvR5PnkM2J44IobfTGcQL039xkRbosIMe8=
x-traceid: 95b794e7-7f4b-4f20-95b6-a16d4143199e
content-type: application/json; charset=utf-8

Please pay attention to header elements as some of them are compulsory headers required for LMPI API to respond to your request. Following table explains it in detail:

Header Name







The unique Access Token that you receive from Trend Micro, that is used to identify the integrating partner. The format will be similar to: 975f9ce9-1234-5678-8c2e-9f0b1f27e1b3.




This value is the standard UNIX time in seconds, which is the number of seconds that have elapsed since midnight Coordinated Universal Time (UTC), January 1, 1970, not counting leap seconds.Use this value to generate the x-signature header.API also checks this value against its own time. If the differences is more than 15 minutes (plus or minus), the request is denied.

1-10 digits, long integer



This value is calculated based on selected headers, as well as a Secret Key, and is a based on 64 encoded string, which is calculated by the following expression. More details on how to generate the x-signature will be presented in the next section.

1-90 characters.



This should specify the application/json and charset=utf-8 for every API call. Note that the content is UTF-8 encoded.

1-31 characters



This is intend to facilitate troubleshooting. The format of the TraceID is simply a String. It is recommended to be in the format of a GUID string (e.g. 975f9ce9-f509-4842-8c2e-9f0b1f27e1b3), and will not check the format. When the server logs the request, the Trace ID is accompanied with the client's access token for it to identify the caller, as well as the request.

1-60 characters



The Date is HTTP protocol standard.The format follows RFC 822. It will appear as: Tue, 17 Sep 2013 05:54:38 GMT. Details

1-30 characters

x-signature Generation

The x-signature proves that the message is composed by a trusted Business Partner who owns the Secret Key. It also prevents the message from been hijacked or resent by other parties when sent via the Internet, even when all transactions are forced to be sent over SSL. The x-signature header should be composed using the following matrix.

Payload = [x-posix-time] + [http method] + [request_uri] + [body content]

x-signature = HMAC-SHA256(secret_key, UTF-8 Encoding(Payload))


Following table explains elements that composes into the Payload string:





This value is the standard UNIX time in seconds, which is the number of seconds that have elapsed since midnight Coordinated Universal Time (UTC), January 1, 1970, not counting leap seconds.


HTTP method

The current HTTP method that is used to request the API. This value should be in upper case.



This should be the absolute URI of the current request, including the query string. Please note to percent encode query string parameter values.



Given that the request contains body content, such as POST or UPDATE, this content should be hashed and appended to the end of the Payload. Hashing algorithm is:

Base64(MD5(content as binary))

Hashed result

Original content




Once the Payload is generated, it is ready to be hashed using the Secret Key that was provided to generate the signature. The following algorithm explains how the signature is generated.

Base64 ( HMAC-SHA256(secret_key, Payload) )

The first step is to generate a HMAC-SHA256 hash of the Payload using your Secret Key, and then convert the binary into Base64 string.

As for this design, you need to generate a unique x-signature in every request, resulting in a different signature for each request. The x-signature will be verified by the API server in every request.

Request Content

Apart from the header elements. The HTTP request body should also include a valid JSON data structure of the data that you need to send to the LMPI API, if required. The details of the body content is included in each API Specification.

Following the above request to invoke a Create Customer API, if the request was invoked successfully you should have received a response body similar to the following example:

    company_id : "17363415-4A9F-4A01-8153-10B8F35B50B1",
    user :
        id : "3CB3C2A5-94C5-4D57-9B97-CF4FCC47FF77",
        login_name : "staygreen_greenery",
        password : "93oap1jv0z"

C# Sample Code

Generating x-posix-time

// Verify that if a PosixTime is 15 minutes before or after the server time.
// serverTime: Current server time.
// posixStr: A posix string of seconds.
// timeRangeinMinutes: You may specify a time range in minute. Default value is 15 minutes.
// returns: True if the posixStr time is within +-15 minutes range of the given server time.

public static bool VerifyPosixTime(string posixStr, int timeRangeinMinutes = 15)
    long posixSeconds;
    if (!Int64.TryParse(posixStr, out posixSeconds)) return false;

    var from = DateTimeToPosixTimestamp(DateTime.UtcNow.AddMinutes(-timeRangeinMinutes));
    var to = DateTimeToPosixTimestamp(DateTime.UtcNow.AddMinutes(timeRangeinMinutes));

    return (posixSeconds >= from) && (posixSeconds <= to);

// Methods to convert DateTime to Posix time(seconds) in Unix time stamp.
// dateTime: Unix time stamp to convert.
// returns: Return Unix time stamp as long type.

public static long DateTimeToPosixTimestamp(DateTime dateTime)
    TimeSpan unixTimeSpan = (dateTime - new DateTime(1970, 1, 1, 0, 0, 0));
    return (long) unixTimeSpan.TotalSeconds;

Generating x-signature

// Generate a x-signature header value that's required to invoke LMPI API interface.
// secret: The secret key used to hash.
// unixTimestamp: Number of seconds after 1970-01-01 til now.
// method: HTTP method used to invoke LMPI.
// requestUri: The request URI without server host. The request URI should be encoded.
// content: HTTP request content in binary. Pass in null if no content is to be sent to server.
// hexstring: A hexstring of HMAC-SHA256 hashed value will be assigned to this parameter.
// returns: Base64 string encoded x-signature.

public static string GenerateSignature(string secret, long unixTimestamp, string method, string requestUri, byte[] content, out string hexstring)
    var posix = unixTimestamp.ToString();
    var payload = posix + method.ToUpper() + requestUri +
        ((content == null) ? "" : CalculateMD5Hash(content));

    HMAC hash = new HMACSHA256();
    hash.Key = Encoding.UTF8.GetBytes(secret);

    var byteArr = hash.ComputeHash(Encoding.UTF8.GetBytes(payload));
    hexstring = ByteArrayToHexString(byteArr);

    return Convert.ToBase64String(byteArr);

// Calculates MD5 Hash of a binary and return it as a BASE64 string.
// input: Binary to be calculated.
// returns: MD5 hashed string result in BASE64.

public static string CalculateMD5Hash(byte[] input)
    // step 1, calculate MD5 hash from input
    MD5 md5 = MD5.Create();
    byte[] hash = md5.ComputeHash(input);

    return Convert.ToBase64String(hash);

// Converts a byte array into HexString.
// ba: Byte array to be converted.
// returns: HEX String.

public static string ByteArrayToHexString(byte[] ba)
    var sb = new StringBuilder(ba.Length*2);
    foreach (var b in ba)
        sb.AppendFormat("{0:x2}", b);
    return sb.ToString();