How to Send Secure Packages Using the MOVEit REST API
In this MOVEit Top Tip, Technical Director Chris Payne demonstrates how he recently used the MOVEit Transfer REST API to complete the task of sending a package and returning the package password to the console.
What can APIs be used for?
There are different versions of the MOVEit API available- Java class, Windows.NET and REST – allowing for third-party control of MOVEit services and functionality. Using APIs are becoming increasing popular and provide IT teams with greater options for integration with MOVEit and other solutions within their network.
Examples include:
- Checking for files that have yet to be collected or downloaded
- Creating a folder and applying granular permission controls
- Managing group membership
- Sending and receiving packages (Ad Hoc)
- Extracting logs
- Checking server or MOVEit Transfer status
Why use REST API?
Producing a Script to Connect to the MOVEit REST API
To set the context, we were asked to produce a script which could connect to the MOVEit REST API, send a package to the recipient- which would include a note and file- and return the password to unlock that package to the console.
For those of you who are not familiar with the console, this would be read by the system running the script which means the password could be distrusted to the recipient.
The diagram demonstrates the 3 stages of the workflow.
- Send the package with the package password option
- Send the link to the package to the end user
- Send the password which is generated for the package back to the client application
The solution is supported here, however there are no code examples, so this is where knowledge of programming or scripting is required to proceed. Although, of course help is always available in the right place.
The full script in text format is below:
# Sending a Package and Returning a Password - MOVEit Transfer 2020.1
# ---------------------------------
#
# Author: Chris Payne
# Date: 03 March 2022
#
# This script makes a connection to the MOVEit Transfer REST API. Uploads a file
# from a local drive; creates a package and assigns the uploaded file to it; then
# sends that package. The password for that package is then returned to the console.
#
try {
#hostname/IP address of the MOVEit Transfer server
$hostname = "57.41.97.2"
#username of the account which will be sending the package
$username = "Chris"
#password of the account which will be sending the package
$password = "/^r84JI%4hJQL3ww8m"
#organisation ID of the MOVEit tenant
$orgid = "2632"
#recipient email address of the package
$recipient = testing4@gmail.com
#folder location of the file to be sent in the package
$filelocation = "C:\Users\Chris\Downloads\Packages\"
#file name of the file to be sent in the package
$file = "Testing.txt"
$codepage = "iso-8859-1"
# Ignore trust problems with the server certificate in case of self=signed or other validation issues
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
# Make the request to get an access token
$url = https://$hostname/api/v1/token
$body = @{"grant_type" = "password"; "username" = $username; "password" = $password}
$resp = Invoke-WebRequest -Uri $url -Body $body -Method Post -UserAgent $useragent -UseBasicParsing
# Invoke-Webrequest returns raw JSON. Let's put it into an object and get the access_token key.
$respobj = $resp | ConvertFrom-Json
$accesstoken = $respobj.access_token
# Create a header dictionary that contains the auth token. it has a special format that must be followed.
# This header will be passed with all subsequent REST calls.
$headers = @{"Authorization" = "Bearer $accesstoken"}
#----- upload file to be sent in package -----#
$url = https://$hostname/api/v1/packages/attachments
$file_bin = [System.IO.File]::ReadAllBytes($filelocation + $file)
$enc = [System.Text.Encoding]::GetEncoding($codepage)
$file_enc = $enc.GetString($file_bin)
$CRLF = "`r`n"
$boundary = [System.Guid]::NewGuid().ToString()
$payload = (
"--$boundary",
"Content-Disposition: form-data; name=`"file`"; filename=`"$file`"",
"Content-Type: application/octet-stream$CRLF",
$file_enc,
"--$boundary--$CRLF"
) -join $CRLF
$content_type = "multipart/form-data; boundary=`"$boundary`""
$resp = Invoke-RestMethod -Uri $url -Method Post -Headers $headers -ContentType $content_type -Body $payload
#returns the file id of the file that has been uploaded
$fileid = $resp[0].id
#----- attach uploaded file to package and sent to recipient -----#
$headers.add("Content-Type","application/json")
$url = https://$hostname/api/v1/packages
$payloadjson = @{
#body of package to be sent
body = "This is a test"
#subject of package to be sent
subject = "This is a test"
recipients = @(
@{
identifier = $recipient
}
)
attachments = @(
@{
id = $fileid
}
)
} | ConvertTo-Json
$resp = Invoke-WebRequest -Uri $url -Method post -UserAgent $useragent -Headers $headers -Body $payloadjson -UseBasicParsing | ConvertFrom-Json
#returns the package id of the sent package
$PackageID = $resp[0].id
#----- get the password associated with the package -----#
$payloadjson = @'
{
"Id":"$PackageID"
}
'@
$url = https://$hostname/api/v1/packages/ + $PackageID + "/recipients"
$resp = Invoke-WebRequest -Uri $url -Method Get -UserAgent $useragent -Headers $headers -UseBasicParsing | ConvertFrom-Json
#write the password back to the console
write-host $resp.items.password
} catch {
write-host("Caught exception: $Error")
write-host $_.exception.message
$Error.clear()
}
Configuring MOVEit
It’s important to configure MOVEit to which the basis of the script was created, any changes would require modification to the script. For this script we will need to configure MOVEit to the following:
- Turn off mandatory package classification via SETTINGS > AD HOC TRANSFER > CONTENT > CLASSIFICATION FIELD.
- Ensure that package passwords is selected in SETTINGS > AD HOC TRANSFER > ACCESS > UNREGISTERED RECIPIENTS.
- Ensure that the setting “tell sender which password was generated and then tell the sender to manually deliver the password” is selected in SETTINGS > AD HOC TRANSFER > ACCESS > UNREGISTERED RECIPIENTS.
Working Configuration
Now it’s time to run the script. You can see in the console at the bottom it returns “s6kxn6”- this is the password for the package.
This then sends a package from MOVEit to the test email account. Below you can see that email with the link to retrieve the file. Note that email templates are customisable in MOVEit, this is just the default option.
Clicking on that URL link takes me to the MOVEit logon prompt and pre-populates the username field. Leaving me just to enter the password from the PowerShell console.
On sign-in you can see the package and the testing.txt file ready for download.
There you have it, a demonstration of how REST API can be used to send packages. If you would like to know move about APIs or require any assistance please feel free to get in touch.
Guides:
Need UK-based MOVEit support?
We are certified Progress MOVEit Titanium Partners and our team includes the UK’s leading MOVEit expert.
See our range of support and consultancy services to help you get the most out of your MOVEit solution.