RESTful API for managing WatchGuard Cloud accounts, sub-accounts, and users. Provides account creation and management, audience token generation for managed account access, hardware/license activation, asset allocation, and operator management. Uses OAuth 2.0 bearer tokens and WatchGuard API Key header authentication.
openapi: 3.1.0
info:
title: WatchGuard Cloud Platform API
description: >-
The WatchGuard Cloud Platform API provides RESTful access to WatchGuard Cloud
account management, including account creation and management, authorization
for managed accounts, device and license activations, asset allocations, and
operator management. All endpoints require an OAuth 2.0 bearer token and a
WatchGuard-API-Key header.
version: v1
contact:
name: WatchGuard Support
url: https://www.watchguard.com/help/docs/API/
servers:
- url: https://api.usa.cloud.watchguard.com/rest
description: USA Region
- url: https://api.eu.cloud.watchguard.com/rest
description: EU Region
- url: https://api.apac.cloud.watchguard.com/rest
description: APAC Region
tags:
- name: Accounts
description: Manage WatchGuard Cloud accounts and sub-accounts.
- name: Authorization
description: Retrieve audience tokens for managed account API access.
- name: Activations
description: Activate hardware devices and software licenses.
- name: Allocations
description: Allocate and deallocate assets to managed accounts.
- name: Operators
description: Manage WatchGuard Cloud operator users.
paths:
/platform/accounts/v1/accounts/{accountId}:
get:
operationId: getAccount
summary: Get Account Information
description: >-
Retrieve information about a WatchGuard Cloud account including contacts,
addresses, parent account, and service properties.
tags:
- Accounts
parameters:
- $ref: '#/components/parameters/AccountId'
- name: fields
in: query
description: Specify additional fields to include in the response.
schema:
type: array
items:
type: string
enum: [contacts, parent, addresses, serviceProperties, delegatedParent]
security:
- bearerAuth: []
apiKeyAuth: []
responses:
'200':
description: Account information retrieved successfully.
content:
application/json:
schema:
$ref: '#/components/schemas/AccountInfo'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
post:
operationId: createAccount
summary: Create Account
description: >-
Create a new WatchGuard Cloud managed account (service provider or subscriber).
tags:
- Accounts
parameters:
- $ref: '#/components/parameters/AccountId'
security:
- bearerAuth: []
apiKeyAuth: []
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CreateAccountRequest'
responses:
'200':
description: Account created successfully.
content:
application/json:
schema:
$ref: '#/components/schemas/CreateAccountResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
patch:
operationId: updateAccount
summary: Update Account
description: Update the name and primary contact details of a managed account.
tags:
- Accounts
parameters:
- $ref: '#/components/parameters/AccountId'
security:
- bearerAuth: []
apiKeyAuth: []
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateAccountRequest'
responses:
'204':
description: Account updated successfully.
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
delete:
operationId: deleteAccount
summary: Delete Account
description: Delete a managed WatchGuard Cloud account and optionally all its sub-accounts.
tags:
- Accounts
parameters:
- $ref: '#/components/parameters/AccountId'
- name: force
in: query
description: If true, delete the account and all managed sub-accounts.
schema:
type: boolean
default: false
security:
- bearerAuth: []
apiKeyAuth: []
responses:
'200':
description: Account deleted successfully.
content:
application/json:
schema:
$ref: '#/components/schemas/DeleteAccountResponse'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/platform/accounts/v1/accounts/{accountId}/children:
get:
operationId: getManagedAccounts
summary: Get Managed Accounts
description: >-
Retrieve a paginated list of accounts managed by the specified account.
tags:
- Accounts
parameters:
- $ref: '#/components/parameters/AccountId'
- name: type
in: query
description: Filter by account type (0=All, 1=Service Provider, 2=Subscriber).
schema:
type: integer
enum: [0, 1, 2]
- name: sortBy
in: query
schema:
type: string
enum: [name, type]
- name: sortOrder
in: query
schema:
type: string
enum: [asc, desc]
- name: offset
in: query
schema:
type: integer
minimum: 0
- name: limit
in: query
schema:
type: integer
minimum: 1
- name: name
in: query
description: Filter accounts by name.
schema:
type: string
- name: includeDelegatedAccounts
in: query
schema:
type: boolean
default: false
security:
- bearerAuth: []
apiKeyAuth: []
responses:
'200':
description: List of managed accounts.
content:
application/json:
schema:
$ref: '#/components/schemas/ManagedAccountList'
'401':
$ref: '#/components/responses/Unauthorized'
/platform/authorization/v1/audiences:
post:
operationId: getAudience
summary: Get Audience Token
description: >-
Returns the audience parameter value for a managed account. Required by
service providers when submitting API requests on behalf of a managed account.
tags:
- Authorization
security:
- bearerAuth: []
apiKeyAuth: []
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AudienceRequest'
responses:
'200':
description: Audience token returned successfully.
content:
application/json:
schema:
$ref: '#/components/schemas/AudienceResponse'
'401':
$ref: '#/components/responses/Unauthorized'
/platform/activation/v1/activate:
post:
operationId: activateDeviceOrLicense
summary: Activate Device or License
description: >-
Activate one or more WatchGuard hardware devices or software licenses
by serial number or license key. Activation is asynchronous — use the
status URL to poll for completion.
tags:
- Activations
security:
- bearerAuth: []
apiKeyAuth: []
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ActivationRequest'
responses:
'202':
description: Activation accepted and queued for processing.
content:
application/json:
schema:
$ref: '#/components/schemas/ActivationResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
/platform/activation/v1/recentactivations:
get:
operationId: getRecentActivations
summary: Get Recent Activations
description: Retrieve a paginated list of recent activation batches.
tags:
- Activations
parameters:
- name: offset
in: query
schema:
type: integer
default: 0
- name: limit
in: query
schema:
type: integer
default: 100
- name: sortBy
in: query
schema:
type: string
nullable: true
security:
- bearerAuth: []
apiKeyAuth: []
responses:
'200':
description: Recent activations list.
content:
application/json:
schema:
$ref: '#/components/schemas/RecentActivationsList'
'401':
$ref: '#/components/responses/Unauthorized'
/platform/activation/v1/activationbatchstatuses/{batchId}:
put:
operationId: getActivationStatus
summary: Get Activation Status
description: >-
Retrieve the status of individual activation line items within a batch.
tags:
- Activations
parameters:
- name: batchId
in: path
required: true
description: Activation batch ID returned by the activate endpoint.
schema:
type: string
- name: offset
in: query
schema:
type: integer
default: 0
- name: limit
in: query
schema:
type: integer
default: 100
security:
- bearerAuth: []
apiKeyAuth: []
responses:
'200':
description: Activation batch status.
content:
application/json:
schema:
$ref: '#/components/schemas/ActivationStatusResponse'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/platform/allocation/v2/{accountId}/assets:
post:
operationId: allocateAsset
summary: Allocate Asset
description: >-
Allocate hardware devices or software licenses from the parent account
to a managed account.
tags:
- Allocations
parameters:
- $ref: '#/components/parameters/AccountId'
security:
- bearerAuth: []
apiKeyAuth: []
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AllocateAssetRequest'
responses:
'200':
description: Asset allocated successfully.
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
delete:
operationId: deallocateAsset
summary: Deallocate Asset
description: Remove an asset allocation from a managed account.
tags:
- Allocations
parameters:
- $ref: '#/components/parameters/AccountId'
security:
- bearerAuth: []
apiKeyAuth: []
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/DeallocateAssetRequest'
responses:
'204':
description: Asset deallocated successfully.
'401':
$ref: '#/components/responses/Unauthorized'
/platform/allocation/v2/{accountId}/assets/summary/{resourceType}:
get:
operationId: getInventorySummary
summary: Get Inventory Summary
description: Retrieve asset inventory summary by allocation status for an account.
tags:
- Allocations
parameters:
- $ref: '#/components/parameters/AccountId'
- name: resourceType
in: path
required: true
description: Type of resource (hardware or software).
schema:
type: string
enum: [hardware, software]
- name: allocationStatus
in: query
schema:
type: string
- name: offset
in: query
schema:
type: integer
- name: limit
in: query
schema:
type: integer
security:
- bearerAuth: []
apiKeyAuth: []
responses:
'200':
description: Inventory summary.
'401':
$ref: '#/components/responses/Unauthorized'
/platform/operator-mgmt/v1/operators:
post:
operationId: createOperators
summary: Create Operators
description: Create one or more WatchGuard Cloud operator users for an account.
tags:
- Operators
security:
- bearerAuth: []
apiKeyAuth: []
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CreateOperatorRequest'
responses:
'200':
description: Operator creation queued.
content:
application/json:
schema:
$ref: '#/components/schemas/OperatorTransactionResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
patch:
operationId: updateOperators
summary: Update Operators
description: Update existing WatchGuard Cloud operator user information.
tags:
- Operators
security:
- bearerAuth: []
apiKeyAuth: []
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateOperatorRequest'
responses:
'200':
description: Operator update queued.
content:
application/json:
schema:
$ref: '#/components/schemas/OperatorTransactionResponse'
'401':
$ref: '#/components/responses/Unauthorized'
/platform/operator-mgmt/v1/DeleteOperators:
post:
operationId: deleteOperators
summary: Delete Operators
description: Delete one or more WatchGuard Cloud operator users.
tags:
- Operators
security:
- bearerAuth: []
apiKeyAuth: []
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/DeleteOperatorRequest'
responses:
'200':
description: Operator deletion queued.
content:
application/json:
schema:
$ref: '#/components/schemas/OperatorTransactionResponse'
'401':
$ref: '#/components/responses/Unauthorized'
/platform/operator-mgmt/v1/TransactionStatus:
get:
operationId: getOperatorTransactionStatus
summary: Get Operator Transaction Status
description: Check the status of a previously submitted operator management transaction.
tags:
- Operators
parameters:
- name: transaction_id
in: query
required: true
description: Transaction ID returned by a create/update/delete operator request.
schema:
type: string
security:
- bearerAuth: []
apiKeyAuth: []
responses:
'200':
description: Transaction status.
content:
application/json:
schema:
$ref: '#/components/schemas/TransactionStatusResponse'
'401':
$ref: '#/components/responses/Unauthorized'
/platform/operator-mgmt/v1/OperatorsByAccountId:
get:
operationId: getOperatorsByAccount
summary: Get Operators by Account
description: Retrieve all operator users associated with a WatchGuard Cloud account.
tags:
- Operators
parameters:
- name: account_id
in: query
required: true
description: WatchGuard Cloud account ID.
schema:
type: string
security:
- bearerAuth: []
apiKeyAuth: []
responses:
'200':
description: List of operators for the account.
content:
application/json:
schema:
$ref: '#/components/schemas/OperatorListResponse'
'401':
$ref: '#/components/responses/Unauthorized'
components:
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
description: OAuth 2.0 access token obtained from the WatchGuard Authentication API.
apiKeyAuth:
type: apiKey
in: header
name: WatchGuard-API-Key
description: API key from the WatchGuard Cloud Managed Access page.
parameters:
AccountId:
name: accountId
in: path
required: true
description: WatchGuard Cloud account ID (e.g., WGC-1-123abc456 or ACC-1234567).
schema:
type: string
responses:
Unauthorized:
description: Unauthorized — invalid or expired access token or API key.
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
BadRequest:
description: Bad request — validation error in request body or parameters.
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
NotFound:
description: Resource not found.
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
schemas:
AccountInfo:
type: object
description: WatchGuard Cloud account information.
properties:
accountId:
type: string
name:
type: string
status:
type: string
type:
type: integer
description: 1=Service Provider, 2=Subscriber
contacts:
type: object
properties:
primaryContactId:
type: string
firstName:
type: string
lastName:
type: string
email:
type: string
phone:
type: string
addresses:
type: object
parent:
type: object
properties:
id:
type: string
access:
type: string
serviceProperties:
type: object
CreateAccountRequest:
type: object
required: [type, name, firstName, lastName, email]
properties:
type:
type: integer
enum: [1, 2]
description: 1=Service Provider, 2=Subscriber
name:
type: string
firstName:
type: string
lastName:
type: string
email:
type: string
format: email
CreateAccountResponse:
type: object
properties:
accountID:
type: string
description: Newly created account ID.
UpdateAccountRequest:
type: object
required: [name, firstName, lastName, email]
properties:
name:
type: string
firstName:
type: string
lastName:
type: string
email:
type: string
format: email
DeleteAccountResponse:
type: object
properties:
childIds:
type: array
items:
type: string
description: IDs of deleted child accounts.
ManagedAccountList:
type: object
properties:
items:
type: array
items:
$ref: '#/components/schemas/ManagedAccount'
pageControls:
$ref: '#/components/schemas/PageControls'
ManagedAccount:
type: object
properties:
accountId:
type: string
name:
type: string
type:
type: integer
parentAccess:
type: string
totalOperators:
type: integer
PageControls:
type: object
properties:
limit:
type: integer
offset:
type: integer
totalItems:
type: integer
AudienceRequest:
type: object
required: [accountId]
properties:
accountId:
type: string
description: Account ID of the managed account to get the audience token for.
AudienceResponse:
type: object
properties:
audience:
type: string
description: Audience token value for the specified managed account.
ActivationRequest:
type: object
properties:
activations:
type: array
items:
type: object
properties:
activationKey:
type: string
description: Serial number or license key to activate.
ActivationResponse:
type: object
properties:
activations:
type: array
items:
type: object
properties:
batchId:
type: string
status:
type: string
enum: [Processing, Created, Complete, CompleteWithErrors]
statusUrl:
type: string
RecentActivationsList:
type: object
properties:
results:
type: array
items:
type: object
properties:
batchId:
type: string
activationStatus:
type: string
created:
type: string
format: date-time
lastModified:
type: string
format: date-time
lineItemCount:
type: integer
pagination:
$ref: '#/components/schemas/Pagination'
ActivationStatusResponse:
type: object
properties:
results:
type: array
items:
type: object
properties:
lineItemId:
type: string
activationKey:
type: string
status:
type: string
enum: [Created, Queued, Pending, Success, Failed]
created:
type: string
format: date-time
lastModified:
type: string
format: date-time
pagination:
$ref: '#/components/schemas/Pagination'
AllocateAssetRequest:
type: object
properties:
productName:
type: string
allocationType:
type: string
quantity:
type: integer
serialOrLicense:
type: string
allocationExpiryType:
type: string
allocationExpiryDate:
type: string
format: date
DeallocateAssetRequest:
type: object
properties:
productName:
type: string
allocationType:
type: string
serialOrLicense:
type: string
CreateOperatorRequest:
type: object
required: [username, accountId, firstName, lastName, email, phone, role]
properties:
username:
type: string
accountId:
type: string
firstName:
type: string
lastName:
type: string
email:
type: string
format: email
phone:
type: string
role:
type: string
password:
type: string
UpdateOperatorRequest:
type: object
required: [username, accountId]
properties:
username:
type: string
accountId:
type: string
firstName:
type: string
lastName:
type: string
phone:
type: string
role:
type: string
DeleteOperatorRequest:
type: object
required: [username, accountId]
properties:
username:
type: string
accountId:
type: string
OperatorTransactionResponse:
type: object
properties:
transaction_id:
type: string
status:
type: string
message:
type: string
TransactionStatusResponse:
type: object
properties:
status:
type: string
transaction_status:
type: array
items:
type: object
properties:
username:
type: string
status:
type: string
message:
type: string
OperatorListResponse:
type: object
properties:
result:
type: array
items:
type: object
properties:
accountId:
type: string
email:
type: string
firstName:
type: string
lastName:
type: string
phone:
type: string
mfa:
type: boolean
userName:
type: string
status:
type: string
Pagination:
type: object
properties:
offset:
type: integer
limit:
type: integer
totalResults:
type: integer
ErrorResponse:
type: object
properties:
code:
type: integer
message:
type: string
details:
type: string