Query Endpoint by Hostname

How do I build an endpoint query by hostname match?

I'm trying to figure out how to query Central via API, specifying the hostname of the device.

This seems possible according to the documentation: https://developer.sophos.com/docs/endpoint-v1/1/routes/endpoints/get

However, when I try to construct a query in the tool using any criteria, no code result is shown, just a blank page (using Safari 14.0.3). See below.

I successfully built a query to return specific fields using the /endpoints/{endpointID} portion of the tool, here: https://developer.sophos.com/docs/endpoint-v1/1/routes/endpoints/%7BendpointId%7D/get

How do I build an endpoint query by hostname match?

  • Hi Beth, I apologize for the confusion. I was the source of the response originally posted by Richard above. I believe perhaps I misunderstood the intention of your original question. Please allow me to clarify.

    Yes, the search and filter parameters in the Endpoints API are functional.  My answer was related to the assumption that you may be trying to run a search of endpoints by name across multiple tenants not within a single tenant.  If that was the case it's something we are currently looking at but is not yet on the roadmap.

    If you are looking to run this search within a single tenant, please confirm and I can dig up a sample for you or perhaps a script. I would just caution however that this process does tend to break down a bit if your use case is indeed across multiple tenants and if there are a significant number of endpoints and tenants, you would need to parse each tenant first, and then endpoints for those tenants, then identify the endpoints by name.

    What we've seen arise from other attempts to do this is this will typically start to hit our throttling APIs based on the number of calls required to complete the workflow, hence sparking our internal conversations to possibly provide a search across tenants API, which as I clarified earlier, is not yet on the roadmap. 

    I hope that helps clarify and eliminate the confusion.  Please do just confirm back to me your use case and I'm happy to suggest suggestions based on your environment structure.

  • Hi Beth, here is a JSON sample of a query, filtering by partial hostname of "June", using the hostnameContains query string parameter:

    GET /endpoint/v1/endpoints?hostnameContains=June HTTP/1.1
    Host: api-xxYY.central.sophos.com
    X-Tenant-ID: <Tenant ID>
    Authorization: Bearer <JWT Token>

  • Thank you! This works well enough for what I want to do, which is pull a record from Sophos when I have the full or partial hostname.
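
The single-tenant request shown in the thread, as a Python sketch that URL-encodes the hostname, keeps the token in a header, follows result pages and backs off when throttled. This is an added example, not code from the original posts or from Sophos. Assumptions: the `pageFromKey` parameter and `pages.nextKey` response field for paging, HTTP 429 as the throttling status, and the helper names; the host is the placeholder from the post.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

def build_request(api_host, tenant_id, token, hostname_part, page_key=None):
    """Build the URL and headers for GET /endpoint/v1/endpoints?hostnameContains=..."""
    params = {"hostnameContains": hostname_part}
    if page_key:
        params["pageFromKey"] = page_key  # assumed paging parameter
    # urlencode escapes '&', '=', spaces etc. so the hostname cannot add parameters
    url = f"https://{api_host}/endpoint/v1/endpoints?" + urllib.parse.urlencode(params)
    headers = {"X-Tenant-ID": tenant_id,
               "Authorization": f"Bearer {token}",  # token stays out of the URL
               "Accept": "application/json"}
    return url, headers

def http_get(url, headers):
    """Default transport: returns (status_code, parsed_json_body)."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}

def find_endpoints(api_host, tenant_id, token, hostname_part,
                   get=http_get, sleep=time.sleep, max_retries=5):
    """Collect every endpoint in one tenant whose hostname contains hostname_part."""
    items, page_key, retries = [], None, 0
    while True:
        url, headers = build_request(api_host, tenant_id, token, hostname_part, page_key)
        status, body = get(url, headers)
        if status == 429 and retries < max_retries:  # assumed throttling status
            sleep(2 ** retries)                      # exponential backoff: 1, 2, 4 ... seconds
            retries += 1
            continue
        if status != 200:
            raise RuntimeError(f"endpoint query failed with HTTP {status}")
        retries = 0
        items.extend(body.get("items", []))
        page_key = body.get("pages", {}).get("nextKey")  # assumed paging field
        if not page_key:
            return items
```

Pass the real tenant ID, JWT and regional API host to `find_endpoints`; the `get` and `sleep` parameters exist so the function can be exercised without network access.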