How to enable and query APM REST API?

Document ID : KB000045645
Last Modified Date : 14/02/2018
Show Technical Document Details


How to enable and query APM REST API? How to list the vertex


1. Open the MOM_HOME/config/
Uncomment introscope.enterprisemanager.webserver.jetty.configurationFile=em-jetty-config.xml
enable REST API, set introscope.public.restapi.enabled=true

2. To test this feature we create a self signed certificate.
For this demonstration we are using APM 10.1, server name is

NOTE: From
“You should only use certificates signed by a recognized Certificate Authority. Certificates that are not recognized can be rejected by your REST client and cause automated scripts to fail. Self-signed and invalid certificates compromise security and should never be used in production. Self-signed certificates can be used for test purposes in a controlled environment.”

a) generate a new key for host "" with alias "jettyssl"
"C:\Program Files\CA APM\Introscope10.1.0.15\jre\bin\keytool" -genkey -keyalg RSA -alias jettyssl -keystore keystore -storepass password -keypass password -validity 7300 -dname ""
b) generate a self-signed certificate for existing key with alias "jettyssl"
"C:\Program Files\CA APM\Introscope10.1.0.15\jre\bin\keytool" -selfcert -alias jettyssl -keystore keystore -storepass password -validity 7300

c) export certificate from EM keystore
"C:\Program Files\CA APM\Introscope10.1.0.15\jre\bin\keytool"  -export -alias jettyssl -keystore keystore -storepass password -file jettyssl.crt

d) import the certificate into keystore in JRE (so it can be used by client without any additional configuration)
"C:\Program Files\CA APM\Introscope10.1.0.15\jre\bin\keytool" -importcert -keystore "C:\Program Files\CA APM\Introscope10.1.0.15\jre\lib\security\cacerts" -alias jettyssl -file "C:\Program Files\CA APM\Introscope10.1.0.15\config\internal\server\jettyssl.crt" -storepass changeit

Below the output of the above commands:

Verify if the new cert has been added

3. Add a new connection section to the em-jetty-config.xml that will use the new self signed certificate.

NOTE: For REST calls you need a proper certificate, you cannot use the default “wily” cert.

An example on how to add a section for the Self-signed certificate is available from the doc:

Restart the EM

4. Import the new certificate into the client (browser):

Connect to webserver port, you will get the privacy error
Click the lock icon, click details, then click View Certificate
Click details, save to file (to export it) and save it locally to the client pc, you can accept the default values.
Go to Chrome settings, enter “ssl” in the search box, then click Manage certificates, click Trusted Root Certification Authorities”, import the certificate we created in previous step.

5. Restart Chrome and verify access to the browser, you should not see any exception again, the new certificate should be in use now.


6. start webview using default port 8080, however you will get some permissions issues, to workaround this issue you need enable SSL for Webview.

For details, see

To workaround the issue open webview-jetty-config.xml, uncomment the line for the jetty config file to enable SSL.

Restart webview and connect again. You should not see any error


7. Create a key token that is required for the REST calls

For details see:

From the Admin, select Generate API Token
Take a note of the key #

8. Perform a REST Call using Postman as a REST Client

Use the token generated in previous step to call any REST method by sending it as an HTTP header 
You must follow the syntax as documented in

In postman:
a) Add a new header:
Authorization: Bearer 28085e41-fc80-490b-9807-7a5dae607d8b

b) Enter the url to list the vertex:

c) Click send button.
Below is the output: