The Sandfly server provides a REST API to further expand its functionality.

The full list of calls for the Sandfly API are available at:

For additional development related information, see the Forensics Keyword List section of the documentation.

Example API Script

As a reference, we have provided a bash script that authenticates and pulls the Sandfly version via the API:

#!/usr/bin/env bash
# Sandfly Security LTD
# Copyright (c) 2016-2021 Sandfly Security LTD, All Rights Reserved.

# A reference example script of using the Sandfly API

cat << EOF

Sandfly API Reference Script

This script will output Sandfly version data to the screen.


if ! command -v jq &> /dev/null
    echo "the 'jq' command could not be found and is required to run this script."
    exit 1

if ! command -v curl &> /dev/null
    echo "The 'curl' command could not be found and is required to run this script."
    exit 1

read -p "Hostname for Sandfly server: " HOSTNAME
if [[ "$HOSTNAME" == "" ]]; then
    echo "Must supply a hostname."
    exit 1

read -s -p "Password for Sandfly admin user: " PASSWORD
if [[ "$PASSWORD" == "" ]]; then
    echo "Must supply a password."
    exit 1

echo "Pulling data from: $HOSTNAME"

ACCESS_TOKEN=$(curl -s -k --request POST --header "Content-Type: application/json" --url https://"$HOSTNAME"/v4/auth/login \
--data "{\"username\":\"admin\",\"password\":\"$PASSWORD\"}" |  jq -r ".access_token")

if [[ "$ACCESS_TOKEN" == "null" ]]; then
  echo "Couldn't get access token for REST API. Check hostname and credentials and try again."
  exit 1

echo "Password OK. Dumping data."

SANDFLY_JSON=$(curl -s -k --request GET --header "Content-Type: application/json" --header "Authorization: Bearer $ACCESS_TOKEN" \
--url https://"$HOSTNAME"/v4/version | jq ".")

if [[ "$SANDFLY_JSON" == "null" ]]; then
  echo "ERROR: Nothing to dump."
  exit 1


echo "Done!"

NOTE: Required External Commands for the Reference Script

This example script requires the use of the curl and jq commands. If either of them are not found, the script will indicate it. Install any missing commands as appropriate for your Operating System to allow this script to run.

This script can be used from any host that has access to the administrative web interface of your Sandfly server.

Previous Article:

Next Article: