In this session, CTP Guy Leech will walk through how to authenticate to Citrix Cloud via OAuth, and how to query and update configuration via the Citrix Cloud REST APIs using PowerShell, without the need for any Citrix PowerShell modules. Removing prerequisites in this way makes the resulting scripts extremely portable.
You'll be able to apply these techniques to other REST APIs from Citrix and across the industry.
This session was presented live at the annual Citrix developer conference Converge, 27th October 2021 https://app.swapcard.com/event/citrix-developer-events-2021/planning/UGxhbm5pbmdfNjk3OTYx
Driving the Citrix Cloud REST
API with PowerShell
Who is this Guy Leech person anyway?
• 25+ years of hands-on working with Citrix & other EUC products
• C/C++ developer prior to that
• 1st ever code (BASIC on Commodore PET) written in 1980 (age 13)!
• Vendor awards from Microsoft, Citrix, VMware and Parallels
• Wannabe comedian
Citrix Cloud CVAD REST API
• Automate deployment, changes, etc using code to CVAD running in Citrix Cloud
• If you can do it in the web console, you can do it via REST (and more)
• REST API usage workflow
• Get API client & store securely (once)
• Generate bearer token (OAuth 2.0)
• Do stuff
• Not available on-premises
• Use PowerShell cmdlets with CVAD ISO or Studio (not Remote PoSH SDK)
Getting the Bearer Token
• Create API Client in Identity & Access Management in cloud.com portal
• Save csv file or client id and secret (securely!)
• POST https://trust.citrixworkspacesapi.net//tokens/clients
• Body contains ClientId & ClientSecret in JSON
• JSON response contains 'token'
• Add to headers for subsequent calls
• Authorization = "CwsAuth Bearer "
• Citrix-CustomerId =
• Pass –SessionVariable and pass returned variable via –WebSession (cookies)
Performing Operations aka Doing Stuff
• Form your URL
• Form your body
• Is a body required – generally not needed for queries
• Hashtable | ConvertTo-Json
• Assign result to variable (if expecting output as per documentation)
• Wrap in try/catch and catch exception – report & remediate – retry ?
• Repeat previous steps as required
• Watch for bearer token expiring (default 1 hour)
• Respect rate limits (10 per second per customer)
Using REST API instead of Citrix Remote PowerShell SDK
• No pre-requisites such as the PowerShell SDK
• Platform & coding language independent
• Need to know the API calls, headers and parameters
• Documentation is comprehensive
• Calls may change but should be backwardly compatible
• Keep the base URL in a variable so only needs changing in one place
• No versioning like with Azure REST API calls
• Easy to reuse code/knowledge for other REST APIs
• Authentication is often different
• Can use with PowerShell 7.x
API Client Scope and Permissions
• API clients in Citrix Cloud are always tied to one administrator and one customer
• API client details are not visible to other administrators
• To access more than one customer create API clients within each customer
• API client gets same permissions as user creating it
• Q. What happens when the person who set up your automation leaves?
Potentially Useful Stuff
• Call rates are limited to 10 launches per second per customerId
• Web search engines*
*Unlikely to be Bing🙂