Server API

docs/ref/modules/server-api/README.md

The Server API is the REST interface used to manage and interact with the Wazuh manager. It is backed by a Python Framework that implements all business logic, RBAC enforcement, and communication with internal daemons.

The API exposes endpoints for agent management, security configuration, cluster operations, file integrity monitoring, and more. All requests are authenticated via JWT tokens and authorized through a Role-Based Access Control (RBAC) system.

Key Features

  • REST API: Full management interface over HTTPS
  • JWT Authentication: Short-lived EC-signed tokens
  • RBAC: Fine-grained permission control per endpoint and resource
  • Distributed API (DAPI): Transparent request routing across cluster nodes
  • WQL: Server-side query language for filtering large datasets
  • OpenAPI 3.0: Fully specified API contract (spec/spec.yaml)

Key Concepts

| Concept | Description |
|---|---|
| Server API | REST API used to manage agents, manager, cluster, and security |
| Framework | Python backend implementing API behavior and business logic |
| Core Layer | Low-level logic and system interactions |
| RBAC | Role-Based Access Control enforced per endpoint |
| JWT | Authentication mechanism for all API calls |
| WQL | Query language for filtering and searching API data |
| DAPI | Distributed API layer for cluster-aware request routing |

Components

  • Architecture — System architecture, directory structure, execution flow, and DAPI
  • Authentication & Security — JWT, RBAC, rate limiting, and security headers
  • API Reference — Endpoints, WQL, error handling, and input validation
  • Configuration — API, security, and manager configuration
  • Testing — Test structure, locations, and how to run tests

Technology Stack

| Component | Technology |
|---|---|
| Web Framework | Starlette + Connexion |
| API Specification | OpenAPI 3.0 (spec.yaml) |
| Authentication | PyJWT with EC keys |
| Async HTTP | aiohttp (for WDB HTTP client) |
| Database | Wazuh DB (SQLite via Unix sockets) |
| Security Headers | secure (Python library) |
| File Watching | asyncio + inotify |
| XML Parsing | lxml + defusedxml |
| Testing | pytest |

  • wazuh-db: Stores agent, group, and security data queried by the framework
  • authd: Handles agent registration triggered via /agents endpoints
  • remoted: Agent communication managed through the API
  • Wazuh Dashboard: Consumes the same Server API for its UI