Using Control Manager Automation APIs

Trend Micro™ Control Manager™ provides access to some internal product functionalities through Control Manager Automation APIs allowing users to integrate third-party solutions. Using the APIs may potentially expose sensitive information, such as agent and endpoint information, which could result in state-changing effects such as agent isolation. To ensure that only trusted applications can use the APIs, generate an authentication JSON Web Token (JWT) that the trusted applications send with API requests. Control Manager verifies the validity of all API requests from third-party applications using the JWT information.


For a list of available APIs and supported functions, see Control Manager Automation APIs.


Trend Micro provides demo projects to help you get started with using the Control Manager Automation APIs.

For more information, see the following topics:

Perform the following steps to properly utilize the Control Manager Automation APIs:

  1. Obtain an "Application ID" and "API key" by adding the integrated product solution to the Control Manager console.

    For more information, see Adding an Application.

  2. Create a JSON Web Token (JWT) using the "Application ID" and "API key" and send the JWT in the authorization header of the request to the intended Automation API.

    • The "Application ID" is part of the JWT payload and the

    • The "API key" is the secret key used to generate the signature of the JWT.

    • The JWT is generated directly by the third-party application.


    Do not transmit the "API key" as part of the request.

    For more information, see Authorization Token Structure.

  3. Verify whether Control Manager accepted the API request.

    For more information, see Automation API Responses.