claudetools/.claude/memory/reference_screenconnect_api.md

name, description, metadata

name	description	metadata
reference_screenconnect_api	Working auth + method for the ACG ScreenConnect RESTful API extension (CTRLAuthHeader = raw secret, GetSessionsByName)	type reference

ACG ScreenConnect RESTful API extension — verified working call (2026-06-02, Howard). Credentials in vault msp-tools/screenconnect.sops.yaml (credentials.username, credentials.api_secret).

• Host: https://computerguru.screenconnect.com extension-guid: 2d558935-686a-4bd0-9991-07539f5fe749
• Auth (the non-obvious part): header CTRLAuthHeader: <raw api_secret> with NO Basic prefix and no base64 + header Origin: https://computerguru.screenconnect.com. Putting the secret in Authorization: Basic <b64>, or CTRLAuthHeader: Basic <b64>, both return 401. Raw secret in CTRLAuthHeader is what works.
• Only method that exists: POST /App_Extensions/<guid>/Service.ashx/GetSessionsByName with JSON body {"sessionName":"<name>"}. Every other Get* name (GetSessions, GetSessionList, GetHosts, ...) returns 500 "Web method does not exist". Bad/missing params return 500 "Unknown parameter: <x>" — the valid param is sessionName.
• Big limitation: the match is on the session Name field, which is blank for unattended access agents, so this api user only enumerates a handful of named sessions — it CANNOT list a client's full machine inventory. For per-machine last-seen across a whole client, the API is not sufficient; read the ScreenConnect console (or a screen recording) instead. Session objects do carry LastConnectedEventTime, LastEventTime, GuestInfo.LastActivityTime, and custom props CP1=Company / CP2=Site / CP3=Tag.

Used during the Dataforth Syncro asset cleanup as the third liveness source alongside Syncro + Bitdefender. See reference_acg_msp_stack.